CVE-2016-1646
critical-risk
Published 2016-03-29
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
Do I need to act?
!
66.5% chance of exploitation in next 30 days
EPSS score — higher than 33% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (13)
References (23)
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0525.html
Mailing List
http://www.debian.org/security/2016/dsa-3531
Broken Link
http://www.securitytracker.com/id/1035423
Third Party Advisory
http://www.ubuntu.com/usn/USN-2955-1
Third Party Advisory
https://security.gentoo.org/glsa/201605-02
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0525.html
Mailing List
http://www.debian.org/security/2016/dsa-3531
Broken Link
http://www.securitytracker.com/id/1035423
Third Party Advisory
http://www.ubuntu.com/usn/USN-2955-1
and 3 more references
73
/ 100
critical-risk
Severity
30/34 · Critical
Exploitability
26/34 · High
Exposure
17/34 · Moderate