AttackerKB AKB:23F2B591-FE1E-47A8-AA83-2DFAD7E5CE61
History: Jul 28, 2022 - 12:00 a.m.

CVE-2022-2294

2022-07-28 00:00:00
attackerkb.com

Tags: webrtc, google chrome, heap buffer overflow, remote code execution, exploit, sandbox escape, avast threat intelligence, targeted attacks, browser security, patching, in the wild exploitation

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.9
Confidence: High

EPSS: 0.014
Percentile: 86.8%

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Recent assessments:

gwillcox-r7 at July 05, 2022 3:18am UTC reported:

Looks like this was a heap buffer overflow in WebRTC which could allow for a drive-by attack that would grant attackers RCE on a target system. No news as to whether or not this was used with a sandbox escape though. It was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01 according to https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html, yet interestingly https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html also notes it affects Chrome for Android.

There is a real world exploit for this out in the wild, but given the generally tight-lipped news around this and that it was found by a threat intelligence team, I would imagine this may have been used in more targeted attacks, but still widely enough that a threat intelligence team picked up on it. Bit hard to tell though, since I hadn’t heard about the Avast Threat Intelligence team prior to this; I imagine it’s possible one of their customers was targeted selectively and then they found out and notified Google.

With heap overflow bugs I generally err on the side of “well these things are harder to exploit”; however, with browsers you typically have access to a much wider arsenal to use for crafting the heap into a state that is desirable for exploitation purposes, so the risk is a bit higher here. That being said, exploitation of such bugs tends to be a little more complex in most cases, particularly given recent mitigations. I’d still recommend patching this one if you can, but if not then you should try to disable WebRTC on your browsers until you can patch, given in-the-wild exploitation.

Assessed Attacker Value: 4
Assessed Attacker Value: 3
