Remote Code Execution Vulnerability in Google Chrome
CVE-2016-1678

8.8HIGH

Key Information:

Vendor

Google
Status
V8
Vendor
CVE Published:
5 June 2016

What is CVE-2016-1678?

A vulnerability exists in Google Chrome's implementation of the V8 JavaScript engine, where the lazy deoptimization mechanism is not adequately restricted. This oversight enables remote attackers to leverage specially crafted JavaScript code to trigger a denial of service, resulting in a heap-based buffer overflow. Such an exploit could potentially disrupt service or lead to other unspecified impacts on the affected systems.

References

http://www.securityfocus.com/bid/90876
vdb-entryx_refsource_BID
https://crbug.com/595259
x_refsource_CONFIRM
https://codereview.chromium.org/1875053002
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.