Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability [CVE-2021-37979]

CVE number – CVE-2021-37979

A memory corruption vulnerability exists in the WebRTC functionality of Google Chrome 92.0.4515.159 (Stable) and 95.0.4623.0 (Canary). A specially-crafted web page can trigger this vulnerability, which can cause a heap buffer overflow and result in remote code execution.

This vulnerability is in WebRTC, which is a technology that enables websites to capture/stream audio/video and other data between browsers.

While executing the attached PoC on an Ubuntu 20.04 x64 or Windows 10 x64 machine with ASAN enabled, Chrome crashes inside the SendVideo function of RTPSenderVideoFrameTransformerDelegate.

A victim would need to visit a malicious website to trigger this vulnerability.

Tested Versions

Google Chrome 95.0.4623.0 (Canary)
Google Chrome 92.0.4515.159 (Stable)

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
