CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS Percentile: 86.8%
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Recent assessments:
gwillcox-r7 at July 05, 2022 3:18am UTC reported:
Looks like this was a heap buffer overflow in WebRTC which could allow for a drive-by attack that would grant attackers RCE on a target system. No news as to whether or not this was used with a sandbox escape though. It was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 according to https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html, yet interestingly https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html also notes it affects Chrome for Android.
There is a real-world exploit for this out in the wild, but given the generally tight-lipped news around this and that it was found by a threat intelligence team, I would imagine this may have been used in more targeted attacks, but still widely enough that a threat intelligence team picked up on it. Bit hard to tell though, since I hadn't heard about the Avast Threat Intelligence team prior to this; I imagine it's possible one of their customers was targeted selectively and then they found out and notified Google.
With heap overflow bugs I generally err on the side of "well, these things are harder to exploit"; however, with browsers you typically have access to a much wider arsenal to use for crafting the heap into a state that is desirable for exploitation purposes, so the risk is a bit higher here. That being said, exploitation of such bugs tends to be a little more complex in most cases, particularly given recent mitigations. I'd still recommend patching this one if you can, but if not then you should try to disable WebRTC on your browsers until you can patch, given in-the-wild exploitation.
Assessed Attacker Value: 4
Assessed Attacker Value: 3
www.openwall.com/lists/oss-security/2022/07/28/2
chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
crbug.com/1341043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294
lists.fedoraproject.org/archives/list/[email protected]/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/
lists.fedoraproject.org/archives/list/[email protected]/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/
security.gentoo.org/glsa/202208-35
security.gentoo.org/glsa/202208-39
security.gentoo.org/glsa/202311-11