On July 4, 2022, Google released security updates to fix a zero-day vulnerability in its Chrome web browser. The company claimed that the vulnerability has already been used in the wild. The flaw, tracked as CVE-2022-2294, pertains to a heap overflow vulnerability in the WebRTC component, enabling real-time audio and video communication in browsers without needing to download or install plugins. When data is rewritten in the memory’s heap area, a heap buffer overflow can cause arbitrary code execution or a denial-of-service (DoS) condition. “Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code. When the consequence is arbitrary code execution, this can often be used to subvert any other security service,” stated MITRE.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is