Published Date: 7/5/2022
Source(s): Chrome Security
Sector: Security Vulnerability
Reported by: Google Chrome
Date(s) Issued: 7/4/2022
Subject: CVE-2022-2294 – Google Chrome WebRTC Heap Buffer Overflow
OVERVIEW:
A heap-based buffer overflow in WebRTC, affecting the Google Chrome browser, allows remote code execution and DoS. Buffer overflows can often be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. Besides overwriting important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing them to the attacker's code.
SYSTEMS AFFECTED: The vulnerability has been proven in Google Chrome on Windows and Android.
RISK:
Potential for remote code execution and denial of service (DoS) just by visiting a malicious site, as well as decreased browser performance.
THREAT SUMMARY:
Little is known at this time regarding the technical details behind the zero-day exploitation. We will continue to monitor and provide additional updates as more is known.
Recommendations:
• Go to Settings in Chrome Browser > About Chrome > Check for Updates, then click RELAUNCH to apply the security fix.
• Chrome Browser should be on Version 103.0.5060.114 (Official Build) (64-bit) post update.
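To verify the post-update version across many machines instead of one browser at a time, the check can be scripted. The following is an added example, not part of the original advisory: it applies the advisory's stated build 103.0.5060.114 to every row, and the "host,version string" inventory format, the host names and the sample versions are constructed assumptions.

```python
import re

# Fixed build stated in the advisory's recommendations.
FIXED = (103, 0, 5060, 114)

# Chrome versions are four dot-separated integers; this also matches them
# inside strings such as "Version 103.0.5060.114 (Official Build) (64-bit)".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the Chrome version in `text` as a 4-tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparsable data needs manual follow-up
    # Tuple comparison is numeric per component, so 103.0.5060.99 sorts
    # below 103.0.5060.114 (a plain string comparison gets that wrong).
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory_lines):
    """Group 'host,version string' rows by status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        report[classify(version_text)].append(host.strip())
    return report


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """\
# host,chrome version string
ws-001,Version 103.0.5060.114 (Official Build) (64-bit)
ws-002,Google Chrome 103.0.5060.66
ws-003,Google Chrome 103.0.5060.99
ws-004,Version 104.0.5112.20 (Official Build) beta (64-bit)
ws-005,not installed
""".splitlines()

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed safe.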