Google Chrome Zero - Day
Incident Report for CyFlare
Published Date: 7/5/2022
Source(s): Chrome Security
Sector: Security Vulnerability
Reported by: Google Chrome
Date(s) Issued: 7/4/2022
Subject CVE-2022-2294 – Google Chrome WebRTC Heap Buffer Overflow

WebRTC heap based buffer overflow allowing Remote Code execution and DoS related to Google Chrome Browser.
Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.
Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code.

The vulnerability has been proved in Windows and Android Google Chrome.


Potential for remote code execution, denial of service (DoS) just by visiting a malicious site, as well as decreased browser performance.


Little is known at this time in regards to the technical details behind the zero-day exploitation. We will continue to monitor and provide additional updates as more is known.

• Go to settings in Chrome Browser  About Chrome  Check for Updates  Click on RELAUNCH to apply security fix.
• Chrome Browser should be on Version 103.0.5060.114 (Official Build) (64-bit) post update.

Developing Situation:
The SOC will continue to research emerging related threats in the wild or from the cyber community. Furthermore, the SOC will hunt related indicators of compromise.
We have several detections in place to verify malicious connections as well as emerging threat hunting and will continue to update IOC’s as more information is released in relation to this zero-day.
Should you have any questions or concerns please place a ticket with the SOC using or by calling 877.729.3527 extension 2.

Thank you,
Your CyFlare SOC
Posted Jul 05, 2022 - 18:51 EDT
This incident affects: Breach Detection Service.