CVE-2022-2852

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 104.0.5112.101 Microsoft Edge (affected versions not specified)

Description A use after free in FedCM allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability is related to the use of memory after it has been freed, which could allow a remote attacker to execute arbitrary code. The issue is associated with the Federated Credential Management (FedCM) API, which enables the creation of unified identity services that preserve privacy and work without cross-site tracking mechanisms, such as third-party cookie handling.

Recommendations For Google Chrome versions prior to 104.0.5112.101, update to version 104.0.5112.101 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.