HTTP: Google Chrome CVE-2016-1646 Denial Of Service

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to denial of service condition.

Extended Description

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.

Affected Products

Redhat enterprise_linux_server

References

CVE: CVE-2016-1646

Short Name
HTTP:STC:CHROME:CVE-2016-1646
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-1646 Chrome Denial Google Of Service
Release Date
05/11/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3718
False Positive
Unknown
Vendors

Google

Suse

Redhat

Opensuse

Debian

Canonical

CVSS Score

9.3

Found a potential security threat?