CVE-2022-2294

HIGH KEV RANSOMWARE

Google Chrome < 103.0.5060.114 - Out-of-Bounds Write

Title source: rule

Description

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References (9)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/07/28/2

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html

[Permissions Required] https://crbug.com/1341043

[Broken Link] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/

[Broken Link] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/

[Third Party Advisory] https://security.gentoo.org/glsa/202208-35

[Third Party Advisory] https://security.gentoo.org/glsa/202208-39

[Third Party Advisory] https://security.gentoo.org/glsa/202311-11

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294

Scores

CVSS v3 8.8

EPSS 0.0117

EPSS Percentile 78.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-08-25

VulnCheck KEV 2022-07-01

InTheWild.io 2022-07-01

ENISA EUVD EUVD-2022-34567

Ransomware Use Confirmed

CWE

CWE-787

Status published

Products (14)

apple/ipados < 15.6

apple/iphone_os < 15.6

apple/macos < 11.6.8

apple/mac_os_x 10.15.7 (17 CPE variants)

apple/mac_os_x < 10.15.7

apple/tvos < 15.6

apple/watchos < 8.7

fedoraproject/extra_packages_for_enterprise_linux 8.0

fedoraproject/fedora 35

fedoraproject/fedora 36

... and 4 more

Published Jul 28, 2022

KEV Added Aug 25, 2022

Tracked Since Feb 18, 2026