The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.71874}

epss

{'score': 0.69769}


Wed, 29 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-06-08'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 00:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2025-07-30T01:46:39.965Z

Reserved: 2016-01-12T00:00:00.000Z

Link: CVE-2016-1646

cve-icon Vulnrichment

Updated: 2024-08-05T23:02:12.453Z

cve-icon NVD

Status : Deferred

Published: 2016-03-29T10:59:00.160

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-1646

cve-icon Redhat

Severity : Important

Publid Date: 2016-03-24T00:00:00Z

Links: CVE-2016-1646 - Bugzilla

cve-icon OpenCVE Enrichment

No data.