CVE-2022-2294


CVSS 8.8 HIGH · EPSS 70.5% · KEV · CWE-787
In short

A flaw in Google Chrome's WebRTC feature allows attackers to crash your browser or potentially run malicious code by sending a specially crafted webpage. This happens because the browser doesn't properly check memory boundaries when processing audio or video data.

Technical detail

Heap buffer overflow in WebRTC due to improper bounds checking in audio/video data processing. A remote attacker can trigger heap corruption via a crafted HTML page; no user interaction beyond visiting the page is required. Impact includes denial of service and potential code execution with browser privileges.

Summary generated and translated by AI from the official description.
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
