CVE-2016-1646
HIGH | CISA KEV | 8.8
Description
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVE Details
CVSS v3.1 Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 3/29/2016
Last Modified: 4/21/2026
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Google
Product: Chromium V8
Vulnerability Name: Google Chromium V8 Out-of-Bounds Read Vulnerability
KEV Date Added: 2022-06-08
Remediation Due Date: 2022-06-22
Ransomware Use: Unknown
Affected Products
canonical:ubuntu_linux
debian:debian_linux
google:chrome
opensuse:leap
opensuse:opensuse
redhat:enterprise_linux_desktop
redhat:enterprise_linux_eus
redhat:enterprise_linux_server
redhat:enterprise_linux_workstation
suse:package_hub
Weaknesses (CWE)
CWE-125
References
http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html (chrome-cve-admin@google.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html (chrome-cve-admin@google.com)
http://rhn.redhat.com/errata/RHSA-2016-0525.html (chrome-cve-admin@google.com)
http://www.debian.org/security/2016/dsa-3531 (chrome-cve-admin@google.com)
http://www.securitytracker.com/id/1035423 (chrome-cve-admin@google.com)
http://www.ubuntu.com/usn/USN-2955-1 (chrome-cve-admin@google.com)
https://code.google.com/p/chromium/issues/detail?id=594574 (chrome-cve-admin@google.com)
https://codereview.chromium.org/1804963002/ (chrome-cve-admin@google.com)
https://security.gentoo.org/glsa/201605-02 (chrome-cve-admin@google.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1646 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.