⚠ Actively exploited

Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: Apply updates per vendor instructions..

CVE-2016-1646 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer15 documents10 sources

Severity

8.8HIGHNVD

OSV9.8

EPSS

66.5%

top 1.46%

CISA KEV

KEV

Added 2022-06-08

Due 2022-06-22

Exploit

Exploited in wild

Active exploitation observed

Affected products

Google Chrome Canonical Ubuntu Linux Debian Linux +6 more

Timeline

PublishedMar 29

KEV addedJun 8

KEV dueJun 22

Latest updateDec 5

CISA Required Action: Apply updates per vendor instructions.

Description

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDgoogle/chrome< 49.0.2623.108

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 15.10, 16.04, Enterprise Linux 6.7

Patches

Patch: codereview.chromium.org ↗Patch: codereview.chromium.org ↗

🔴Vulnerability Details

GHSA

GHSA-93cg-vfx4-pxr4: The Array↗2022-05-14

▶

OSV

oxide-qt vulnerabilities↗2016-04-27

▶

CVEList

CVE-2016-1646: The Array↗2016-03-29

▶

OSV

CVE-2016-1646: The Array↗2016-03-29

▶

VulnCheck

Google Chromium V8 Out-of-Bounds Read Vulnerability↗2016

▶

📋Vendor Advisories

CISA

Google Chromium V8 Out-of-Bounds Read Vulnerability↗2022-06-08

▶

Ubuntu

Oxide vulnerabilities↗2016-04-27

▶

Red Hat

chromium-browser: out-of-bounds read in V8↗2016-03-24

▶