High severity8.8CISA KEVNVD Advisory· Published Mar 29, 2016· Updated Apr 21, 2026

CVE-2016-1646

Description

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

Affected products

Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <49.0.2623.108
SUSE S.A./Package Hub
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
OpenSUSE/Leap
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codereview.chromium.org/1804963002/nvdPatch
code.google.com/p/chromium/issues/detailnvdExploitIssue TrackingMailing List
googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.htmlnvdRelease NotesVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0525.htmlnvdThird Party Advisory
www.debian.org/security/2016/dsa-3531nvdMailing ListThird Party Advisory
www.securitytracker.com/id/1035423nvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2955-1nvdThird Party Advisory
security.gentoo.org/glsa/201605-02nvdThird Party Advisory
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.054
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000