Heap Buffer Overflow in WebRTC Could Lead to Heap Corruption

CVE-2023-7024
8.8 HIGH

Key Information

Vendor: Google
Product: Chrome
CVE Published: 21 December 2023

Badges

👾 Exploit Exists · 📰 News Worthy

Summary

A critical vulnerability in WebRTC in Google Chrome has been identified, allowing a remote attacker to trigger heap corruption via a crafted HTML page. The potential impact is high, as it can allow an attacker to take control of the affected system. The vulnerability has been exploited in the wild, so updating to the latest version of Chrome is important to mitigate the risk. Exploitation requires end-user interaction: the victim must open a crafted HTML page, which then lets the attacker run malicious code remotely. It is recommended to apply browser updates and ensure protection with a security tool such as Morphisec. This vulnerability highlights the importance of timely patching and security vigilance in protecting against advanced cyber threats.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-7024 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome < 120.0.6099.129

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit exists.

  • Vulnerability published.

  • First article discovered by Bleeping Computer.

  • Vulnerability reserved.

Collectors

  • NVD Database
  • Mitre Database
  • CISA Database
  • Google Feed
  • 12 News Article(s)