8.8

CVE-2022-2294

Warning

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Data provided by the National Vulnerability Database (NVD)
Google Chrome Version < 103.0.5060.114
Fedoraproject Fedora Version 35
Fedoraproject Fedora Version 36
Webkitgtk Webkitgtk Version < 2.36.5
Wpewebkit Wpe Webkit Version < 2.36.5
Apple iPadOS Version < 15.6
Apple iPhone OS Version < 15.6
Apple macOS X Version < 10.15.7
Apple macOS X Version 10.15.7 Update -
Apple macOS X Version 10.15.7 Update security_update_2020
Apple macOS X Version 10.15.7 Update security_update_2020-001
Apple macOS X Version 10.15.7 Update security_update_2020-005
Apple macOS X Version 10.15.7 Update security_update_2020-007
Apple macOS X Version 10.15.7 Update security_update_2021-001
Apple macOS X Version 10.15.7 Update security_update_2021-002
Apple macOS X Version 10.15.7 Update security_update_2021-003
Apple macOS X Version 10.15.7 Update security_update_2021-004
Apple macOS X Version 10.15.7 Update security_update_2021-005
Apple macOS X Version 10.15.7 Update security_update_2021-006
Apple macOS X Version 10.15.7 Update security_update_2021-007
Apple macOS X Version 10.15.7 Update security_update_2021-008
Apple macOS X Version 10.15.7 Update security_update_2022-001
Apple macOS X Version 10.15.7 Update security_update_2022-002
Apple macOS X Version 10.15.7 Update security_update_2022-003
Apple macOS X Version 10.15.7 Update security_update_2022-004
Apple macOS Version < 11.6.8
Apple macOS Version >= 12.0 < 12.5
Apple tvOS Version < 15.6
Apple watchOS Version < 8.7
Webrtc Project Webrtc Version -

25.08.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability

WebRTC Heap Buffer Overflow Vulnerability

Description

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.

Required Action

Apply updates per vendor instructions.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.19% | 0.838 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.