UBUNTU-CVE-2016-1677

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2016-1677
Downstream
USN-2992-1
Published: 31 May 2016, 00:00
Last modified:22 Apr 2026, 10:32

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

31 May 2016, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 10:32
Last Modified
Vulnerability information updated

Description

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

CVSS Metrics

  • v3.0MEDIUMScore: 6.5CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Systems

  • ubuntuchromium-browser

    < 51.0.2704.79-0ubuntu0.14.04.1.1121 | < 51.0.2704.79-0ubuntu0.16.04.1.1242

  • ubuntulibv8-3.14

    all | all

  • ubuntuoxide-qt

    < 1.15.7-0ubuntu0.14.04.1 | < 1.15.7-0ubuntu0.16.04.1

References (4)