Aggregates CVE and security vulnerability intelligence across all webrtc_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption, vendor risk buffer overflow, and vendor risk denial of service and related problems; some flaws may lead to vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-2294 KEV | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | [email protected] | 8.8 | 1.11% | 2022-07-28 | 2025-10-24 |
| CVE-2021-28681 | Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.) | [email protected] | 5.3 | 0.07% | 2021-03-18 | 2024-11-21 |
| CVE-2016-1976 | Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | [email protected] | 5.5 | 0.69% | 2016-03-13 | 2026-05-06 |
| CVE-2016-1975 | Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | [email protected] | 6.3 | 0.56% | 2016-03-13 | 2026-05-06 |