CVE-2022-2294: Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2022-09-15

Exploited in the wild

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	ios_15.6_and_ipados	—	—
apple	ipados	< 15.6	15.6
apple	iphone_os	< 15.6	15.6
apple	mac_os_x	< 10.15.7	10.15.7
apple	mac_os_x	—	—
apple	macos	< 11.6.8	11.6.8
apple	macos	>= 12.0 < 12.5	12.5
apple	macos_monterey	—	—
apple	safari	—	—
apple	tvos	< 15.6	15.6
apple	watchos	< 8.7	8.7
chromium	chromium	>= 0 < 103.0.5060.114-1~deb11u1	103.0.5060.114-1~deb11u1
chromium	chromium	>= 0 < 103.0.5060.114-1	103.0.5060.114-1
chromium	chromium	>= 0 < 103.0.5060.114-1	103.0.5060.114-1
chromium	chromium	>= 0 < 103.0.5060.114-1	103.0.5060.114-1
debian	chromium	< chromium 103.0.5060.114-1 (bookworm)	chromium 103.0.5060.114-1 (bookworm)
debian	webkit2gtk	< chromium 103.0.5060.114-1 (bookworm)	chromium 103.0.5060.114-1 (bookworm)
debian	wpewebkit	< chromium 103.0.5060.114-1 (bookworm)	chromium 103.0.5060.114-1 (bookworm)
fedoraproject	extra_packages_for_enterprise_linux	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
google	chrome	< 103.0.5060.114	103.0.5060.114
google	chrome	>= unspecified < 103.0.5060.114	103.0.5060.114
google	chrome_chrome	—	—
msrc	microsoft_edge	—	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv8.8HIGH

vulncheck8.8HIGH

cisa8.8HIGH