1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Google Chromium WebRTC Heap Buffer Overflow Vulnerability

Known Exploited Vulnerabilities CVE-2023-7024 Mappings

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow Vulnerability primary_impact T1574 Hijack Execution Flow
Comments
This heap buffer overflow vulnerability is exploited by a remote attacker via a crafted HTML page. This vulnerability has been leveraged by the NSO group to enable remote code execution within a browser's WebRTC component to install the spyware Pegasus on victim endpoints.
References
  1. https://thehackernews.com/2024/02/global-coalition-and-tech-giants-unite.html
  2. https://www.darkreading.com/cloud-security/google-eighth-zero-day-patch-2023-chrome
CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
This heap buffer overflow vulnerability is exploited by a remote attacker via a crafted HTML page. This vulnerability has been leveraged by the NSO group to enable remote code execution within a browser's WebRTC component to install the spyware Pegasus on victim endpoints.
References
  1. https://thehackernews.com/2024/02/global-coalition-and-tech-giants-unite.html
  2. https://www.darkreading.com/cloud-security/google-eighth-zero-day-patch-2023-chrome