Automated Software Vulnerability Repair Based on Chain-of-Thought
Affiliation: National University of Defense Technology
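    Abstract (Chinese original, translated):

    As the types, number and complexity of software vulnerabilities keep growing, researchers have proposed many automated techniques to help developers discover, detect and localize vulnerabilities, yet researchers still have to spend considerable effort repairing them. In recent years some researchers have turned to automated software vulnerability repair, but current state-of-the-art techniques merely reduce vulnerability repair to a generic text generation problem and do not localize where the defect should be repaired. This leaves a large generation space for repairs and yields low-quality repairs, and giving such repairs to developers actually harms the efficiency and effectiveness of vulnerability repair. To address these problems, this paper proposes CotRepair, a chain-of-thought-based repair method for general vulnerability types: using chain-of-thought, the model first predicts the locations with a high probability of containing the vulnerability and then, relying on the prediction, generates repairs more accurately. Experimental results show that the proposed method significantly outperforms the baseline methods on all metrics used to evaluate generated repairs, validating its effectiveness from multiple dimensions.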

    Abstract:

    As software vulnerabilities grow in type, volume and complexity, researchers have proposed various techniques to assist developers in discovering, detecting, and localizing vulnerabilities. However, researchers still need to exert considerable effort to manually repair these vulnerabilities. Recent works have focused on automated vulnerability repair, but such a task is merely treated as a sequence-to-sequence translation process, which makes it difficult to localize the defects and thus results in low-quality repairs. Providing developers with such low-quality repairs compromises the efficiency and effectiveness of vulnerability repair. In this paper, we propose an automated software vulnerability repair approach based on chain-of-thought, named CotRepair, which first identifies the locations that are most likely to contain vulnerable code and then generates repairs more accurately based on the predicted locations. The results show that CotRepair outperforms the baselines in various metrics, and the effectiveness of the proposed approach is demonstrated from several aspects.

History
  • Received: 2023-11-27
  • Last revised: 2024-03-02
  • Accepted: 2024-04-12