Vulnerability Details : CVE-2016-1665
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
Vulnerability category: Input validation
Products affected by CVE-2016-1665
- cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1665
0.48%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1665
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2016-1665
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1665
-
https://codereview.chromium.org/1925463003
Issue 1925463003: [turbofan] Don't use the CompareIC in JSGenericLowering. - Code Review
-
https://crbug.com/606181
606181 - Security: Due to out of index of 'Node' object , attacker can control all contents of 'Node' object - chromium - Monorail
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html
[security-announce] openSUSE-SU-2016:1207-1: important: Security update
-
http://www.ubuntu.com/usn/USN-2960-1
USN-2960-1: Oxide vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
[security-announce] openSUSE-SU-2016:1655-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html
[security-announce] openSUSE-SU-2016:1208-1: important: Security update
-
http://www.securityfocus.com/bid/89106
Google Chrome Prior to 50.0.2661.94 Multiple Security Vulnerabilities
-
https://security.gentoo.org/glsa/201605-02
Chromium: Multiple vulnerabilities (GLSA 201605-02) — Gentoo security
-
http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://www.debian.org/security/2016/dsa-3564
Debian -- Security Information -- DSA-3564-1 chromium-browser
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html
[security-announce] openSUSE-SU-2016:1209-1: important: Security update
-
http://rhn.redhat.com/errata/RHSA-2016-0707.html
RHSA-2016:0707 - Security Advisory - Red Hat Customer Portal
Jump to