Real-Time Streaming

Phenix’s Platform Design Insulates it from CVE-2022–2294 Vulnerability

Written by Amber Shafer | Jul 7, 2022 4:26:00 PM
Background

A critical vulnerability has been identified in Chrome which affects open-source components of WebRTC and is being actively exploited.

If using Chrome’s WebRTC implementation in versions 102.0.5 or lower, the vulnerability can be used to compromise confidentiality, integrity, and availability by exploiting a memory leak to inject malicious code.

Upgrading to version 103.0.5060.114 eliminates this vulnerability.

What This Means for Our Customers

Unlike other technology providers who use WebRTC, we’ve invested in building out our own WebRTC infrastructure from the ground up, without relying on third-party, open source implementations.

We quickly realized that building the world’s most scalable real-time video streaming platform would require a level of focus and control that simply can’t be achieved by adopting someone else’s code (which, incidentally, was also architected for different use cases with smaller audiences than those we imagined), so we invested in designing a system purpose-built for speed, scale, and security.

Because Phenix built its own WebRTC stack for iOS, Android and cloud platforms from the ground up, Phenix and its customers are not vulnerable to the recently identified WebRTC-related zero-day exploit in Chrome.

We do, however, recommend that our customers encourage their viewers to update their browser to avoid malicious code injections from other sites.

Security Posture

Here at Phenix, we’re as passionate about security as we are about sub-second latency at scale.

But, for us, being the fastest simply wasn’t enough. In addition to agonizing over shaving milliseconds off every small step in the workflow, we’ve obsessed about keeping our systems secure and our customers’ content protected.

To achieve our high standards for security, we’ve also built our own secure buffering code and utilize a variety of best practices around software deployment and process isolation to minimize our exposure and to limit the scope of potential harm in the event of an exploit.

As a security-first organization, Phenix recommends that anyone using Chrome or Chromium based browsers always install updates in a timely fashion to receive critical patches.

Additional information about the exploit