CVE-2022-1135

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 100.0.4896.60 Microsoft Edge (affected versions not specified)

Description The issue is related to a use after free vulnerability in the Shopping Cart component, which can be exploited by a remote attacker to potentially gain unauthorized access to protected information via a specially crafted web page. This can be achieved through standard user interaction, potentially leading to heap corruption. Google has released an update for Chrome that fixes 28 documented vulnerabilities, some of which are severe enough to lead to code execution attacks. The update, Chrome 100.0.4896.60, is available for Windows, Mac, and Linux users and addresses 9 high-severity issues, including use after free and buffer overflow errors.

Recommendations For Google Chrome versions prior to 100.0.4896.60, update to Chrome 100.0.4896.60 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.