VDB
GSD-2016-1646
GSD-2016-1646
PUBLISHED
CVSS 8.800000190734863 HIGH
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Mar 25, 2016 CVE Published
- Sep 25, 2019 PoC Published
- Oct 9, 2020 PoC Published
- Jun 14, 2023 PoC Published
- Dec 24, 2024 PoC Published
- Feb 23, 2025 PoC Published
- Mar 3, 2025 PoC Published
- Feb 2, 2026 PoC Published
- Apr 17, 2026 Distribution Patch
- Apr 17, 2026 Distribution Patch
- Apr 17, 2026 Security Advisory
- Apr 17, 2026 Security Advisory
References
- RHSA-2016:0525 vendor-advisory
- openSUSE-SU-2016:0929 vendor-advisory
- openSUSE-SU-2016:1059 vendor-advisory
- http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html url
- https://codereview.chromium.org/1804963002/ url
- 1035423 vdb
- openSUSE-SU-2016:0930 vendor-advisory
- https://code.google.com/p/chromium/issues/detail?id=594574 url
- DSA-3531 advisory
- USN-2955-1 advisory
- GLSA-201605-02 advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1646 advisory