CISA KEV 정보
| 취약점명 | Google Chromium V8 Out-of-Bounds Read Vulnerability |
|---|---|
| 설명 | Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-119 |
| 등록일 (KEV) | 2022-06-08 |
| 조치 기한 | 2022-06-22 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2016-1646 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS v2.0: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C설명: The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CWE: CWE-125 | CWE-125
참조
- http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html [Release Notes, Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html [Mailing List, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-0525.html [Third Party Advisory]
- http://www.debian.org/security/2016/dsa-3531 [Mailing List, Third Party Advisory]
- http://www.securitytracker.com/id/1035423 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.ubuntu.com/usn/USN-2955-1 [Third Party Advisory]
- https://code.google.com/p/chromium/issues/detail?id=594574 [Exploit, Issue Tracking, Mailing List]
- https://codereview.chromium.org/1804963002/ [Patch]
- https://security.gentoo.org/glsa/201605-02 [Third Party Advisory]
- http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html [Release Notes, Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html [Mailing List, Third Party Advisory]
- ... 외 8건
This product uses the NVD API but is not endorsed or certified by the NVD.