The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome prior to 49.0.2623.108, does not properly consider element data types, which allows remote malicious users to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 14.04 |
||
opensuse opensuse 13.1 |
||
google chrome |