Critical severity9.8NVD Advisory· Published Dec 6, 2015· Updated May 6, 2026

CVE-2015-6764

Description

The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

googlechromereleases.blogspot.com/2015/12/stable-channel-update.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.htmlnvd
lists.opensuse.org/opensuse-updates/2016-01/msg00045.htmlnvd
www.debian.org/security/2015/dsa-3415nvd
www.securityfocus.com/bid/78209nvd
www.securitytracker.com/id/1034298nvd
chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabcnvd
code.google.com/p/chromium/issues/detailnvd
codereview.chromium.org/1440223002nvd
security.gentoo.org/glsa/201603-09nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000