Google Chromium WebRTC Heap Buffer Overflow Vulnerability

Added Jan. 2, 2024 • Due Jan. 23, 2024 • CVE-2023-7024

Overdue Google / Chromium WebRTC CWE-787

Description

Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
https://nvd.nist.gov/vuln/detail/CVE-2023-7024

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 7 months, 2 weeks ago