CVE-2022-2606

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 104.0.5112.79

Description The issue is related to a use after free vulnerability in the Managed devices API, which can be exploited by a remote attacker using a specially crafted HTML page. This can potentially lead to heap corruption. The attacker must convince a user to enable a specific Enterprise policy to exploit this issue.

Recommendations For Google Chrome versions prior to 104.0.5112.79, update to version 104.0.5112.79 or later to resolve the issue. As a temporary workaround, consider disabling the Managed devices API until a patch is available. Restrict access to crafted HTML pages to minimize the risk of exploitation. Avoid enabling specific Enterprise policies that may facilitate the exploitation of this issue until the update is applied.