
Felix Weinrank

#29068 of 53,633
8.8 Total CVSS
Vulnerabilities · 1
PT-2021-2415
8.8
2021-01-05
Mozilla · Firefox For Android · CVE-2020-16044
Name of the Vulnerable Software and Affected Versions:
- Google Chrome versions prior to 88.0.4324.96
- Mozilla Firefox versions prior to 84.0.2
- Firefox ESR versions prior to 84.0.2
- Firefox for Android versions prior to 84.0.2

Description:
The issue is related to a use-after-free vulnerability in the WebRTC implementation, specifically in the COOKIE-ECHO extension. This vulnerability can be exploited by a remote attacker using a crafted SCTP packet, potentially leading to heap corruption or arbitrary code execution. The vulnerability is caused by accessing memory after it has been freed in the COOKIE-ECHO handler.

Recommendations:
- For Google Chrome versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later.
- For Mozilla Firefox versions prior to 84.0.2, update to version 84.0.2 or later.
- For Firefox ESR versions prior to 84.0.2, update to version 84.0.2 or later.
- For Firefox for Android versions prior to 84.0.2, update to version 84.0.2 or later.
- As a temporary workaround, consider disabling WebRTC until a patch is available.
- Restrict access to the COOKIE-ECHO extension to minimize the risk of exploitation.
- Avoid using the `COOKIE-ECHO` handler in the affected SCTP packet until the issue is resolved.