PT-2022-3420 · Google · Google Chrome
Jan Vojtesek · Published 2022-07-04 · Updated 2025-12-08
CVE-2022-2294
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 103.0.5060.114
Description
A heap buffer overflow in WebRTC allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue affects web browsers that use WebRTC, including Google Chrome, and may allow an attacker to execute arbitrary code. It has been reported as exploited in the wild, including through watering hole techniques and in connection with the DevilsTongue threat, in various geographic locations such as Lebanon, Yemen, Turkey, and Palestine.
Recommendations
Update Google Chrome versions prior to 103.0.5060.114 to version 103.0.5060.114 or later to patch the vulnerability. As a temporary workaround, consider disabling WebRTC functionality until the browser is updated. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation, and avoid opening crafted HTML pages that could trigger the heap buffer overflow until the browser is updated.
Fix
Memory Corruption
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Google Chrome
Linux Mint
Apple macOS
SUSE
Ubuntu