CVE-2016-1646

CVSS 8.8 HIGH · EPSS 48.1% · KEV · CWE-125
In short

Google Chrome's JavaScript engine had a flaw in how it handled array concatenation, allowing attackers to crash the browser or potentially execute code through specially crafted web pages.

Technical detail

CWE-125 out-of-bounds read in V8's Array.prototype.concat, caused by improper validation of element types. The attack vector is remote, through malicious JavaScript in web content, and requires the user to visit or interact with a crafted page. Impact ranges from DoS to potential arbitrary code execution.

Summary generated and translated by AI from the official description.
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
