CVE-2022-2294 — WebRTC WebRTC

known ransomware use

WebRTC Heap Buffer Overflow Vulnerability

Added to KEV

2022-08-25

Federal due date

2022-09-15

Vendor

WebRTC

Product

WebRTC

EPSS

81.5th percentile (score 0.015, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Known

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2022-2294

CISA short description

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.