What is CVE-2016-9651?

CVE-2016-9651 is a vulnerability in Google Chrome. Published 2019-01-09.

Is CVE-2016-9651 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Chrome

CVE-2016-9651

A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

EPSS: 0.527 (98.0th percentile) — read the EPSS interpretation.

Affected products

Google Chrome — versions unspecified

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
addicjanov/js-vuln-db
lnick2023/nicenice
otravidaahora2t/js-vuln-db
qazbnm456/awesome-cve-poc
secmob/pwnfest2016
tunz/js-vuln-db
xbl3/awesome-cve-poc_

References

RHSA-2016:2919 (x_refsource_REDHAT, vendor-advisory)
94633 (vdb-entry, x_refsource_BID)
crbug.com/664411 (x_refsource_MISC)
42175 (exploit, x_refsource_EXPLOIT-DB)
chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html (x_refsource_CONFIRM)
GLSA-201612-11 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2016-9651?: CVE-2016-9651 is a vulnerability in Google Chrome. Published 2019-01-09.
Is CVE-2016-9651 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.