Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
685
VMScore

CVE-2016-9651

Published: 09/01/2019 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Google

Vulnerability Summary

A missing check for whether a property of a JS object is private in V8 in Google Chrome before 55.0.2883.75 allowed a remote malicious user to execute arbitrary code inside a sandbox via a crafted HTML page.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

Vendor Advisories

Red Hat: Important: chromium-browser security update
Synopsis Important: chromium-browser security update Type/Severity Security Advisory: Important Topic An update for chromium-browser is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Ubuntu Security Notice: oxide-qt vulnerabilities
Several security issues were fixed in Oxide ...
Red Hat: CVE-2016-9651
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 550288375 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page ...
Arch Linux Issues:
A private property access flaw was found in the V8 component of the Chromium browser ...

Exploits

Exploit DB: Google Chrome - V8 Private Property Arbitrary Code Execution
<html> // Source: githubcom/secmob/pwnfest2016/ <script> function exploit(){ function to_hex(num){ return (num>>>0)toString(16); } function intarray_to_double(int_arr){ var uBuf = new Uint32Array(2); var dBuf = new Float64Array(uBufbuffer); uBuf[0]=int_arr[0]; uBuf[1]=int_arr[1]; retu ...

Github Repositories

https://github.com/secmob/pwnfest2016

full exploit of pwnfest2016, slide and full text of syscan2017

pwnfest2016 full exploit for cve-2016-9651 used in pwnfest2016, slide and full text of syscan360 2017

References

CWE-94http://rhn.redhat.com/errata/RHSA-2016-2919.htmlhttp://www.securityfocus.com/bid/94633https://crbug.com/664411https://www.exploit-db.com/exploits/42175/https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.htmlhttps://security.gentoo.org/glsa/201612-11https://access.redhat.com/errata/RHSA-2016:2919https://usn.ubuntu.com/3153-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/42175/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook