Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-9651Code Injection in Google Chrome

CWE-94Code Injection10 documents8 sources
Severity
8.8HIGHNVD
OSV6.1
EPSS
52.7%
top 2.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Google ChromeRedhat Enterprise Linux DesktopRedhat Enterprise Linux Server+1 more
Timeline
PublishedJan 9
Latest updateMay 14

Description

A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5google/chromeunspecified55.0.2883.75
NVDgoogle/chrome< 55.0.2883.75

🔴Vulnerability Details

4
GHSA
GHSA-wp7w-fjvj-wrv2: A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 552022-05-14
CVEList
CVE-2016-9651: A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 552019-01-09
OSV
oxide-qt vulnerabilities2016-12-09
OSV
CVE-2016-9651: A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 552016-12-06

💥Exploits & PoCs

1
Exploit-DB
Google Chrome - V8 Private Property Arbitrary Code Execution2017-06-14

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-12-09
Red Hat
chromium-browser: private property access in v82016-12-01

💬Community

2
Bugzilla
chromium: various flaws [fedora-all]2016-12-02
Bugzilla
CVE-2016-9651 chromium-browser: private property access in v82016-12-02
CVE-2016-9651 — Code Injection in Google Chrome | cvebase