Search for vulnerabilities
Vulnerability details: VCID-j96d-msk1-skef
Vulnerability ID VCID-j96d-msk1-skef
Aliases CVE-2016-1646
Summary
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 8.8 http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
ssvc Attend http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html
cvssv3.1 8.8 http://rhn.redhat.com/errata/RHSA-2016-0525.html
ssvc Attend http://rhn.redhat.com/errata/RHSA-2016-0525.html
epss 0.71722 https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss 0.71722 https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss 0.71722 https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss 0.71722 https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss 0.71722 https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss 0.71722 https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss 0.73437 https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss 0.73437 https://api.first.org/data/v1/epss?cve=CVE-2016-1646
cvssv3.1 8.8 https://code.google.com/p/chromium/issues/detail?id=594574
ssvc Attend https://code.google.com/p/chromium/issues/detail?id=594574
cvssv3.1 8.8 https://codereview.chromium.org/1804963002/
ssvc Attend https://codereview.chromium.org/1804963002/
cvssv3.1 8.8 https://security.gentoo.org/glsa/201605-02
ssvc Attend https://security.gentoo.org/glsa/201605-02
cvssv3.1 8.8 http://www.debian.org/security/2016/dsa-3531
ssvc Attend http://www.debian.org/security/2016/dsa-3531
cvssv3.1 8.8 http://www.securitytracker.com/id/1035423
ssvc Attend http://www.securitytracker.com/id/1035423
cvssv3.1 8.8 http://www.ubuntu.com/usn/USN-2955-1
ssvc Attend http://www.ubuntu.com/usn/USN-2955-1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1646.json
https://api.first.org/data/v1/epss?cve=CVE-2016-1646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1650
1035423 http://www.securitytracker.com/id/1035423
1321811 https://bugzilla.redhat.com/show_bug.cgi?id=1321811
1804963002 https://codereview.chromium.org/1804963002/
201605-02 https://security.gentoo.org/glsa/201605-02
detail?id=594574 https://code.google.com/p/chromium/issues/detail?id=594574
dsa-3531 http://www.debian.org/security/2016/dsa-3531
msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html
msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html
msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html
RHSA-2016:0525 https://access.redhat.com/errata/RHSA-2016:0525
RHSA-2016-0525.html http://rhn.redhat.com/errata/RHSA-2016-0525.html
stable-channel-update_24.html http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
USN-2955-1 https://usn.ubuntu.com/2955-1/
USN-2955-1 http://www.ubuntu.com/usn/USN-2955-1
Data source KEV
Date added June 8, 2022
Description Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date June 22, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2016-1646
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-0525.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-0525.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://code.google.com/p/chromium/issues/detail?id=594574
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at https://code.google.com/p/chromium/issues/detail?id=594574
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://codereview.chromium.org/1804963002/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at https://codereview.chromium.org/1804963002/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201605-02
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at https://security.gentoo.org/glsa/201605-02
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2016/dsa-3531
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://www.debian.org/security/2016/dsa-3531
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1035423
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://www.securitytracker.com/id/1035423
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-2955-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://www.ubuntu.com/usn/USN-2955-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.98662
EPSS Score 0.71722
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:37:59.571171+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2955-1/ 37.0.0