CVE-2022-4906

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 108.0.5359.71

Description The issue is related to an inappropriate implementation in Blink, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. This is due to a use-after-free vulnerability in the page display mechanism. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages until the update is applied. Avoid using the vulnerable Blink component in Google Chrome until the issue is resolved.