CVE-2022-2294

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-2294
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2022/07/28/2 Mailing List Third Party Advisory
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html Release Notes Vendor Advisory
https://crbug.com/1341043 Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ Broken Link
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ Broken Link
https://security.gentoo.org/glsa/202208-35 Third Party Advisory
https://security.gentoo.org/glsa/202208-39 Third Party Advisory
https://security.gentoo.org/glsa/202311-11 Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/07/28/2 Mailing List Third Party Advisory
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html Release Notes Vendor Advisory
https://crbug.com/1341043 Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ Broken Link
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ Broken Link
https://security.gentoo.org/glsa/202208-35 Third Party Advisory
https://security.gentoo.org/glsa/202208-39 Third Party Advisory
https://security.gentoo.org/glsa/202311-11 Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294 US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*
History

24 Oct 2025, 14:09

Type Values Removed Values Added
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294 - US Government Resource

22 Oct 2025, 00:18

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294 -

21 Oct 2025, 20:19

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:19

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294 -

21 Nov 2024, 07:00

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2022/07/28/2 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/07/28/2 - Mailing List, Third Party Advisory
References () https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html - Release Notes, Vendor Advisory () https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html - Release Notes, Vendor Advisory
References () https://crbug.com/1341043 - Permissions Required () https://crbug.com/1341043 - Permissions Required
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ - Broken Link () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ - Broken Link
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ - Broken Link () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ - Broken Link
References () https://security.gentoo.org/glsa/202208-35 - Third Party Advisory () https://security.gentoo.org/glsa/202208-35 - Third Party Advisory
References () https://security.gentoo.org/glsa/202208-39 - Third Party Advisory () https://security.gentoo.org/glsa/202208-39 - Third Party Advisory
References () https://security.gentoo.org/glsa/202311-11 - Third Party Advisory () https://security.gentoo.org/glsa/202311-11 - Third Party Advisory

28 Jun 2024, 14:08

Type Values Removed Values Added
References () https://crbug.com/1341043 - Permissions Required, Vendor Advisory () https://crbug.com/1341043 - Permissions Required
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ - Broken Link
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ - Broken Link
References () https://security.gentoo.org/glsa/202311-11 - () https://security.gentoo.org/glsa/202311-11 - Third Party Advisory

25 Nov 2023, 11:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/', 'name': 'FEDORA-2022-0102ccc2a2', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/', 'name': 'FEDORA-2022-1d3d5a0341', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ -
  • () https://security.gentoo.org/glsa/202311-11 -

29 Nov 2022, 15:54

Type Values Removed Values Added
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*

26 Oct 2022, 13:50

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202208-39 - (GENTOO) https://security.gentoo.org/glsa/202208-39 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202208-35 - (GENTOO) https://security.gentoo.org/glsa/202208-35 - Third Party Advisory

01 Sep 2022, 03:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-39 -

21 Aug 2022, 08:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-35 -

04 Aug 2022, 17:33

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CWE CWE-787
CPE cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
References (MISC) https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html - (MISC) https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html - Release Notes, Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/07/28/2 - (MLIST) http://www.openwall.com/lists/oss-security/2022/07/28/2 - Mailing List, Third Party Advisory
References (MISC) https://crbug.com/1341043 - (MISC) https://crbug.com/1341043 - Permissions Required, Vendor Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/ - Mailing List, Third Party Advisory

29 Jul 2022, 00:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/07/28/2 -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/ -

28 Jul 2022, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-07-28 02:15

Updated : 2025-10-24 14:09

NVD link : CVE-2022-2294

Mitre link : CVE-2022-2294

CVE.ORG link : CVE-2022-2294

JSON object : View

Products Affected

apple

  • tvos
  • mac_os_x
  • ipados
  • macos
  • watchos
  • iphone_os

webkitgtk

  • webkitgtk

google

  • chrome

wpewebkit

  • wpe_webkit

webrtc_project

  • webrtc

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux
CWE
CWE-787

Out-of-bounds Write