CVE-2016-1646

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 49.0.2623.108

Description The issue is related to the Array.prototype.concat implementation in builtins.cc in Google V8, which does not properly consider element data types. This allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. The vulnerability can be exploited by a remote attacker to potentially gain confidential information and cause a denial of service on the affected system.

Recommendations For Google Chrome versions prior to 49.0.2623.108, update to version 49.0.2623.108 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Array.prototype.concat function in JavaScript code until a patch is applied. Additionally, avoid using crafted JavaScript code that could exploit this vulnerability.