CVE-2022-2294

Published: 28/07/2022 Updated: 01/09/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

Vulnerability Summary

Heap buffer overflow in WebRTC in Google Chrome before 103.0.5060.114 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Vulnerable Product

google chrome

fedoraproject extra packages for enterprise linux 8.0

fedoraproject fedora 35

fedoraproject fedora 36

webkitgtk webkitgtk

wpewebkit wpe webkit

Vendor Advisories

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1. We recommend that you upgrade your chromium packages. For the detailed security status o ...
Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become available on Google Play over the next few days. This release includes security, stability and performance improvements. You can see a full list of the changes in the Git log. Security Fixes and Rewards. Note: Access to bug details and links may be ...
The Stable channel has been updated to 103.0.5060.114 for Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to r ...
The Extended Stable channel has been updated to 102.0.5005.148 for Windows and Mac which will roll out over the coming days/weeks. The following critical security fix has been included in this release: [$TBD][1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2 ...
LTC-102 has been updated in the LTC (Long Term Support Candidate) channel to 102.0.5005.153 (Platform Version: 14695.114.0) for most ChromeOS devices. Want to know more about Long-term Support? Click here. This update includes the following Security fixes: 1335458 Critical CVE-2022-2156 Use ...
About Apple security updates. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID ...

Github Repositories

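FuYao - Go. "Soar ninety thousand li on the whirlwind." Join Discord | Issue feedback | Vulnerability list. Automated target asset discovery and security vulnerability scanning | Suited to bug bounty programs, SRC (security response center) programs, large-scale use and wide-range use | Finds a website's valid subdomains using passive online sources | Sends requests to targets using custom templates with zero false positives, and can scan a large number of hosts quickly. | Provides TCP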

Recent Articles

Google Patches Chrome’s Fifth Zero-Day of the Year
Threatpost • Elizabeth Montalbano • 18 Aug 2022

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.
The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” according to the advisory posted by Google.
Google credits Ashley Shen and Christian Resell of its Google Threat Analys...

Google Patches Actively Exploited Chrome Bug
Threatpost • Elizabeth Montalbano • 05 Jul 2022

While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year.
Chrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in separate blog posts published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the bro...

Google updates Chrome to squash actively exploited WebRTC Zero Day
The Register • Simon Sharwood, APAC Editor

How sad – this looks like a fine excuse to avoid video conferences for a while

Google has issued an unexpected update to its Chrome browser to address a zero-day WebRTC flaw that is actively being exploited.
The culprit is CVE-2022-2294, and is a problem in WebRTC – the code that imbues browsers with real-time comms capabilities.
Details of the flaw, number 1341043, are not currently detailed in the Chromium project bug log, and details of the CVE have not been published at the time of writing. But Google's notification of a new browser version describes it a...

Chromium's WebRTC zero-day fix arrives in Microsoft Edge
The Register • Richard Speed

Update addresses heap buffer overflow and type confusion bugs in Google's browser engine

Microsoft has followed Google's lead and issued an update for its Edge browser following the arrival of a WebRTC zero-day.
The Windows giant uses the Chromium engine in its latest browser. As such, when something needs urgent fixing in Chrome, one can expect Edge to follow not far behind. For CVE-2022-2294 and CVE-2022-2295, a new version of Edge has been pushed out, taking the version number in the stable channel to 103.0.1264.49.
Most serious of the duo is CVE-2022-2294, a heap buf...

Google patches new Chrome zero-day flaw exploited in attacks
BleepingComputer • Sergiu Gatlan

Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.
"Google is aware that an exploit for CVE-2022-2294 exists in the wild," the browser vendor explained in a 
 published on Monday.
The 103.0.5060.114 version is rolling out worldwide in the Stable Desktop channel, with Google saying that it's a matter of days or weeks until it ...