CVE-2016-1612Improper Input Validation in Google Chrome

CWE-20Improper Input ValidationCWE-704Incorrect Type Conversion or Cast7 documents6 sources
Severity
7.6HIGHNVD
EPSS
1.0%
top 22.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 25
Latest updateMay 17

Description

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7

Affected Packages1 packages

NVDgoogle/chrome47.0.2526.106

🔴Vulnerability Details

3
GHSA
GHSA-vw47-pv6r-6w2w: The LoadIC::UpdateCaches function in ic/ic2022-05-17
OSV
oxide-qt vulnerabilities2016-01-27
OSV
CVE-2016-1612: The LoadIC::UpdateCaches function in ic/ic2016-01-22

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-01-27
Red Hat
chromium-browser: bad cast in V82016-01-20

💬Community

1
Bugzilla
CVE-2016-1612 chromium-browser: bad cast in V82016-01-22