CVE-2016-1665

Published: May 14, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.

Affected (6)

Products: Opensuse: Opensuse · Redhat: Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary, Enterprise Linux Server Supplementary Eus, Enterprise Linux Workstation Supplementary · Google: Chrome

1 product

4 products

Enterprise Linux Desktop Supplementary

Enterprise Linux Server Supplementary

Enterprise Linux Server Supplementary Eus

Enterprise Linux Workstation Supplementary

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop Supplementary	Version 6.0
Redhat Enterprise Linux Server Supplementary	Version 6.0
Redhat Enterprise Linux Server Supplementary Eus	Version 6.7z
Redhat Enterprise Linux Workstation Supplementary	Version 6.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 50.0.2661.87

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (24)

http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2016-0707.html

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2016/dsa-3564

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/89106

Source: chrome-cve-admin@google.com

http://www.ubuntu.com/usn/USN-2960-1

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/1925463003

Source: chrome-cve-admin@google.com

https://crbug.com/606181

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201605-02

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-0707.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3564

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/89106

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2960-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://codereview.chromium.org/1925463003

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/606181

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201605-02

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.