November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
July 4, 2022Rewterz Threat Advisory – CVE-2022-2077 – Microsoft Outlook 365 Vulnerability
July 5, 2022Rewterz Threat Alert – Raccoon Infostealer – Active IOCs
July 4, 2022Rewterz Threat Advisory – CVE-2022-2077 – Microsoft Outlook 365 Vulnerability
July 5, 2022
Severity
High
Analysis Summary
CVE-2022-2294
It pertains to a heap overflow flaw in the WebRTC component, which enables real-time audio and video communication in browsers without the need to download or install plugins. Based on security considerations, Google will only disclose the full details of the vulnerability after most users update. Often such vulnerabilities can be used to execute arbitrary code or escape the browser’s security sandbox, and interested researchers can wait for subsequent Google disclosures.
“Google is aware that an exploit for CVE-2022-2294 exists in the wild. Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year,
CVE-2022-0609
CVE-2022-1096
CVE-2022-1364
Impact
- Denial of Service
- Code Execution
Indicators Of Compromise
CVE
- CVE-2022-2294
Affected Vendors
Affected Products
Google Chrome 103.0.5060.114
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Releases Website.
Google Chrome Releases Website