Heap buffer overflow in WebRTC in Google Chrome before 103.0.5060.114 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
fedoraproject extra packages for enterprise linux 8.0 |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |
||
webkitgtk webkitgtk |
||
wpewebkit wpe webkit |
||
apple mac os x |
||
apple mac os x 10.15.7 |
||
apple macos |
||
apple iphone os |
||
apple ipados |
||
apple watchos |
||
apple tvos |
||
webrtc project webrtc - |
IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources How sad – this looks like a fine excuse to avoid video conferences for a while
Google has issued an unexpected update to its Chrome browser to address a zero-day WebRTC flaw that is actively being exploited. The culprit is CVE-2022-2294, and is a problem in WebRTC – the code that imbues browsers with real-time comms capabilities. Details of the flaw, number 1341043, are not currently detailed in the Chromium project bug log, and details of the CVE have not been published at the time of writing. But Google's notification of a new browser version describes it as: "Heap buf...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Update addresses heap buffer overflow and type confusion bugs in Google's browser engine
Microsoft has followed Google's lead and issued an update for its Edge browser following the arrival of a WebRTC zero-day. The Windows giant uses the Chromium engine in its latest browser. As such, when something needs urgent fixing in Chrome, one can expect Edge to follow not far behind. For CVE-2022-2294 and CVE-2022-2295, a new version of Edge has been pushed out, taking the version number in the stable channel to 103.0.1264.49. Most serious of the duo is CVE-2022-2294, a heap buffer overflow...