diff --git a/modules/rtp_rtcp/source/rtcp_packet/remb.cc b/modules/rtp_rtcp/source/rtcp_packet/remb.cc
index 39795fb79c..1389ca7836 100644
--- a/modules/rtp_rtcp/source/rtcp_packet/remb.cc
+++ b/modules/rtp_rtcp/source/rtcp_packet/remb.cc
@@ -67,15 +67,15 @@ bool Remb::Parse(const CommonHeader& packet) {
   }
 
   ParseCommonFeedback(payload);
-  uint8_t exponenta = payload[13] >> 2;
+  uint8_t exponent = payload[13] >> 2;
   uint64_t mantissa = (static_cast<uint32_t>(payload[13] & 0x03) << 16) |
                       ByteReader<uint16_t>::ReadBigEndian(&payload[14]);
-  bitrate_bps_ = (mantissa << exponenta);
+  bitrate_bps_ = (mantissa << exponent);
   bool shift_overflow =
-      (static_cast<uint64_t>(bitrate_bps_) >> exponenta) != mantissa;
-  if (shift_overflow) {
+      (static_cast<uint64_t>(bitrate_bps_) >> exponent) != mantissa;
+  if (bitrate_bps_ < 0 || shift_overflow) {
     RTC_LOG(LS_ERROR) << "Invalid remb bitrate value : " << mantissa << "*2^"
-                      << static_cast<int>(exponenta);
+                      << static_cast<int>(exponent);
     return false;
   }
 
diff --git a/modules/rtp_rtcp/source/rtcp_packet/remb_unittest.cc b/modules/rtp_rtcp/source/rtcp_packet/remb_unittest.cc
index 391a61de89..c439d9c5f6 100644
--- a/modules/rtp_rtcp/source/rtcp_packet/remb_unittest.cc
+++ b/modules/rtp_rtcp/source/rtcp_packet/remb_unittest.cc
@@ -101,13 +101,26 @@ TEST(RtcpPacketRembTest, ParseFailsWhenUniqueIdentifierIsNotRemb) {
 TEST(RtcpPacketRembTest, ParseFailsWhenBitrateDoNotFitIn64bits) {
   uint8_t packet[kPacketLength];
   memcpy(packet, kPacket, kPacketLength);
-  packet[17] |= 0xfc;  // Set exponenta component to maximum of 63.
+  packet[17] |= 0xfc;  // Set exponent component to maximum of 63.
   packet[19] |= 0x02;  // Ensure mantissa is at least 2.
 
   Remb remb;
   EXPECT_FALSE(test::ParseSinglePacket(packet, &remb));
 }
 
+TEST(RtcpPacketRembTest, ParseFailsWhenBitrateDoNotFitIn63bits) {
+  uint8_t packet[kPacketLength];
+  memcpy(packet, kPacket, kPacketLength);
+  packet[17] = 56 << 2;  // Set exponent component to 56.
+  packet[18] = 0;        // Set mantissa to 200 > 128
+  packet[19] = 200;
+
+  // Result value 200 * 2^56 can't be represented with int64_t and thus should
+  // be rejected.
+  Remb remb;
+  EXPECT_FALSE(test::ParseSinglePacket(packet, &remb));
+}
+
 TEST(RtcpPacketRembTest, ParseFailsWhenSsrcCountMismatchLength) {
   uint8_t packet[kPacketLength];
   memcpy(packet, kPacket, kPacketLength);