Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-7024 | Google Chromium WebRTC Heap Buffer Overflow Vulnerability | primary_impact | T1574 | Hijack Execution Flow |
Comments
This heap buffer overflow vulnerability is exploited by a remote attacker via a crafted HTML page. This vulnerability has been leveraged by the NSO group to enable remote code execution within a browser's WebRTC component to install the spyware Pegasus on victim endpoints.
References
|
| CVE-2023-7024 | Google Chromium WebRTC Heap Buffer Overflow Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This heap buffer overflow vulnerability is exploited by a remote attacker via a crafted HTML page. This vulnerability has been leveraged by the NSO group to enable remote code execution within a browser's WebRTC component to install the spyware Pegasus on victim endpoints.
References
|