Type: Vulnerability
Priority: P1
Severity: S2
Status: Fixed

Description: This UAF is similar to the previous issue but with a different root cause and places for the UAF. The issue occurs in Chrome version 107.0.5304.87 on the Stable channel on Mac OS.

Chromium Labels:
- Vulnerability
- Needs-Triage-M107
- external_security_report
- Security_Impact-Extended
- reward-inprocess
- CVE_description-submitted

Assignee: wy...@chromium.org
Component Tags: Ui>Browser>Shopping>Cart

Problem Steps: The calls function when loaded in NTP. The UAF places are different than the previous issue.

Call Chain: If the db file is corrupted or initialization fails, a callback will be posted to the background thread.