Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-1232 (GCVE-0-2015-1232)
Vulnerability from cvelistv5 – Published: 2015-03-09 00:00 – Updated: 2024-08-06 04:33
VLAI?
EPSS
Summary
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/907793002"
},
{
"name": "GLSA-201503-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/907793002"
},
{
"name": "GLSA-201503-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codereview.chromium.org/907793002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/907793002"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=456516",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1232",
"datePublished": "2015-03-09T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"40.0.2214.115\", \"matchCriteriaId\": \"8E4473BA-37DE-4AF1-A828-99AA9D83AAE7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.\"}, {\"lang\": \"es\", \"value\": \"Error en el indice del array en la funci\\u00f3n MidiManagerUsb::DispatchSendMidiData en media/midi/midi_manager_usb.cc en Google Chrome anterior a 41.0.2272.76 permite a atacantes remotos causar una denegaci\\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de acceso al renderizador para proporcionar un indice de puertos inv\\u00e1lido que provoca una operaci\\u00f3n de escritura fuera de rango, una vulnerabilidad diferente a CVE-2015-1212.\"}]",
"id": "CVE-2015-1232",
"lastModified": "2024-11-21T02:24:56.903",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-03-09T00:59:27.280",
"references": "[{\"url\": \"http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://code.google.com/p/chromium/issues/detail?id=456516\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://codereview.chromium.org/907793002\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201503-12\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://code.google.com/p/chromium/issues/detail?id=456516\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://codereview.chromium.org/907793002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201503-12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-1232\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2015-03-09T00:59:27.280\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.\"},{\"lang\":\"es\",\"value\":\"Error en el indice del array en la funci\u00f3n MidiManagerUsb::DispatchSendMidiData en media/midi/midi_manager_usb.cc en Google Chrome anterior a 41.0.2272.76 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de acceso al renderizador para proporcionar un indice de puertos inv\u00e1lido que provoca una operaci\u00f3n de escritura fuera de rango, una vulnerabilidad diferente a CVE-2015-1212.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"40.0.2214.115\",\"matchCriteriaId\":\"8E4473BA-37DE-4AF1-A828-99AA9D83AAE7\"}]}]}],\"references\":[{\"url\":\"http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=456516\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://codereview.chromium.org/907793002\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201503-12\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=456516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://codereview.chromium.org/907793002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201503-12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GSD-2015-1232
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-1232",
"description": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.",
"id": "GSD-2015-1232",
"references": [
"https://access.redhat.com/errata/RHSA-2015:0627",
"https://advisories.mageia.org/CVE-2015-1232.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-1232"
],
"details": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.",
"id": "GSD-2015-1232",
"modified": "2023-12-13T01:20:05.521622Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codereview.chromium.org/907793002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/907793002"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=456516",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "40.0.2214.115",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1232"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://codereview.chromium.org/907793002",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://codereview.chromium.org/907793002"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=456516",
"refsource": "CONFIRM",
"tags": [],
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201503-12"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2016-12-22T02:59Z",
"publishedDate": "2015-03-09T00:59Z"
}
}
}
RHSA-2015_0627
Vulnerability from csaf_redhat - Published: 2015-03-05 13:59 - Updated: 2024-11-14 18:07Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,
CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,
CVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,
CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.76, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,\nCVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,\nCVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,\nCVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 41.0.2272.76, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0627",
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"category": "external",
"summary": "1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0627.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T18:07:23+00:00",
"generator": {
"date": "2024-11-14T18:07:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2015:0627",
"initial_release_date": "2015-03-05T13:59:42+00:00",
"revision_history": [
{
"date": "2015-03-05T13:59:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-03-05T13:59:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T18:07:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1213",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198519"
}
],
"notes": [
{
"category": "description",
"text": "The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1213"
},
{
"category": "external",
"summary": "RHBZ#1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1213",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1214",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198520"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1214"
},
{
"category": "external",
"summary": "RHBZ#1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1215",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198521"
}
],
"notes": [
{
"category": "description",
"text": "The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1215"
},
{
"category": "external",
"summary": "RHBZ#1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1216",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198522"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1216"
},
{
"category": "external",
"summary": "RHBZ#1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1216",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in v8 bindings"
},
{
"cve": "CVE-2015-1217",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198523"
}
],
"notes": [
{
"category": "description",
"text": "The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1217"
},
{
"category": "external",
"summary": "RHBZ#1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8 bindings"
},
{
"cve": "CVE-2015-1218",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198525"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1218"
},
{
"category": "external",
"summary": "RHBZ#1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1218",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1219",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198526"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Integer overflow in webgl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1219"
},
{
"category": "external",
"summary": "RHBZ#1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1219",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Integer overflow in webgl"
},
{
"cve": "CVE-2015-1220",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198527"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in gif decoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1220"
},
{
"category": "external",
"summary": "RHBZ#1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1220",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1220"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in gif decoder"
},
{
"cve": "CVE-2015-1221",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198528"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink\u0027s main thread, related to the shutdown function in web/WebKit.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in web databases",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1221"
},
{
"category": "external",
"summary": "RHBZ#1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1221",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in web databases"
},
{
"cve": "CVE-2015-1222",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198529"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in service workers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1222"
},
{
"category": "external",
"summary": "RHBZ#1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1222",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in service workers"
},
{
"cve": "CVE-2015-1223",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198530"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1223"
},
{
"category": "external",
"summary": "RHBZ#1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1223",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1224",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198531"
}
],
"notes": [
{
"category": "description",
"text": "The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in vpxdecoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1224"
},
{
"category": "external",
"summary": "RHBZ#1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1224",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in vpxdecoder"
},
{
"cve": "CVE-2015-1225",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198532"
}
],
"notes": [
{
"category": "description",
"text": "PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1225"
},
{
"category": "external",
"summary": "RHBZ#1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in pdfium"
},
{
"cve": "CVE-2015-1226",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198533"
}
],
"notes": [
{
"category": "description",
"text": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Validation issue in debugger",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1226"
},
{
"category": "external",
"summary": "RHBZ#1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1226",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1226"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Validation issue in debugger"
},
{
"cve": "CVE-2015-1227",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198534"
}
],
"notes": [
{
"category": "description",
"text": "The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1227"
},
{
"category": "external",
"summary": "RHBZ#1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1227",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1227"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in blink"
},
{
"cve": "CVE-2015-1228",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198535"
}
],
"notes": [
{
"category": "description",
"text": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in rendering",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1228"
},
{
"category": "external",
"summary": "RHBZ#1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in rendering"
},
{
"cve": "CVE-2015-1229",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198536"
}
],
"notes": [
{
"category": "description",
"text": "net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cookie injection in proxies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1229"
},
{
"category": "external",
"summary": "RHBZ#1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1229",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cookie injection in proxies"
},
{
"cve": "CVE-2015-1230",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198537"
}
],
"notes": [
{
"category": "description",
"text": "The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1230"
},
{
"category": "external",
"summary": "RHBZ#1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1230",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8"
},
{
"cve": "CVE-2015-1231",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198542"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1231"
},
{
"category": "external",
"summary": "RHBZ#1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives."
},
{
"cve": "CVE-2015-1232",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205142"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1232"
},
{
"category": "external",
"summary": "RHBZ#1205142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in media"
}
]
}
RHSA-2015:0627
Vulnerability from csaf_redhat - Published: 2015-03-05 13:59 - Updated: 2025-11-21 17:51Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,
CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,
CVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,
CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.76, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,\nCVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,\nCVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,\nCVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 41.0.2272.76, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0627",
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"category": "external",
"summary": "1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0627.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2025-11-21T17:51:52+00:00",
"generator": {
"date": "2025-11-21T17:51:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:0627",
"initial_release_date": "2015-03-05T13:59:42+00:00",
"revision_history": [
{
"date": "2015-03-05T13:59:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-03-05T13:59:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:51:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1213",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198519"
}
],
"notes": [
{
"category": "description",
"text": "The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1213"
},
{
"category": "external",
"summary": "RHBZ#1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1213",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1214",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198520"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1214"
},
{
"category": "external",
"summary": "RHBZ#1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1215",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198521"
}
],
"notes": [
{
"category": "description",
"text": "The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1215"
},
{
"category": "external",
"summary": "RHBZ#1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1216",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198522"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1216"
},
{
"category": "external",
"summary": "RHBZ#1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1216",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in v8 bindings"
},
{
"cve": "CVE-2015-1217",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198523"
}
],
"notes": [
{
"category": "description",
"text": "The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1217"
},
{
"category": "external",
"summary": "RHBZ#1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8 bindings"
},
{
"cve": "CVE-2015-1218",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198525"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1218"
},
{
"category": "external",
"summary": "RHBZ#1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1218",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1219",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198526"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Integer overflow in webgl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1219"
},
{
"category": "external",
"summary": "RHBZ#1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1219",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Integer overflow in webgl"
},
{
"cve": "CVE-2015-1220",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198527"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in gif decoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1220"
},
{
"category": "external",
"summary": "RHBZ#1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1220",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1220"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in gif decoder"
},
{
"cve": "CVE-2015-1221",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198528"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink\u0027s main thread, related to the shutdown function in web/WebKit.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in web databases",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1221"
},
{
"category": "external",
"summary": "RHBZ#1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1221",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in web databases"
},
{
"cve": "CVE-2015-1222",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198529"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in service workers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1222"
},
{
"category": "external",
"summary": "RHBZ#1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1222",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in service workers"
},
{
"cve": "CVE-2015-1223",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198530"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1223"
},
{
"category": "external",
"summary": "RHBZ#1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1223",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1224",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198531"
}
],
"notes": [
{
"category": "description",
"text": "The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in vpxdecoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1224"
},
{
"category": "external",
"summary": "RHBZ#1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1224",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in vpxdecoder"
},
{
"cve": "CVE-2015-1225",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198532"
}
],
"notes": [
{
"category": "description",
"text": "PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1225"
},
{
"category": "external",
"summary": "RHBZ#1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in pdfium"
},
{
"cve": "CVE-2015-1226",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198533"
}
],
"notes": [
{
"category": "description",
"text": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Validation issue in debugger",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1226"
},
{
"category": "external",
"summary": "RHBZ#1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1226",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1226"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Validation issue in debugger"
},
{
"cve": "CVE-2015-1227",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198534"
}
],
"notes": [
{
"category": "description",
"text": "The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1227"
},
{
"category": "external",
"summary": "RHBZ#1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1227",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1227"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in blink"
},
{
"cve": "CVE-2015-1228",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198535"
}
],
"notes": [
{
"category": "description",
"text": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in rendering",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1228"
},
{
"category": "external",
"summary": "RHBZ#1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in rendering"
},
{
"cve": "CVE-2015-1229",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198536"
}
],
"notes": [
{
"category": "description",
"text": "net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cookie injection in proxies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1229"
},
{
"category": "external",
"summary": "RHBZ#1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1229",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cookie injection in proxies"
},
{
"cve": "CVE-2015-1230",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198537"
}
],
"notes": [
{
"category": "description",
"text": "The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1230"
},
{
"category": "external",
"summary": "RHBZ#1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1230",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8"
},
{
"cve": "CVE-2015-1231",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198542"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1231"
},
{
"category": "external",
"summary": "RHBZ#1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives."
},
{
"cve": "CVE-2015-1232",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205142"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1232"
},
{
"category": "external",
"summary": "RHBZ#1205142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in media"
}
]
}
GHSA-F6R4-GH32-PQ92
Vulnerability from github – Published: 2022-05-17 03:20 – Updated: 2022-05-17 03:20
VLAI?
Details
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.
{
"affected": [],
"aliases": [
"CVE-2015-1232"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-03-09T00:59:00Z",
"severity": "HIGH"
},
"details": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.",
"id": "GHSA-f6r4-gh32-pq92",
"modified": "2022-05-17T03:20:34Z",
"published": "2022-05-17T03:20:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232"
},
{
"type": "WEB",
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
},
{
"type": "WEB",
"url": "https://codereview.chromium.org/907793002"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2015-1232
Vulnerability from fkie_nvd - Published: 2015-03-09 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4473BA-37DE-4AF1-A828-99AA9D83AAE7",
"versionEndIncluding": "40.0.2214.115",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212."
},
{
"lang": "es",
"value": "Error en el indice del array en la funci\u00f3n MidiManagerUsb::DispatchSendMidiData en media/midi/midi_manager_usb.cc en Google Chrome anterior a 41.0.2272.76 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de acceso al renderizador para proporcionar un indice de puertos inv\u00e1lido que provoca una operaci\u00f3n de escritura fuera de rango, una vulnerabilidad diferente a CVE-2015-1212."
}
],
"id": "CVE-2015-1232",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-09T00:59:27.280",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://codereview.chromium.org/907793002"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://codereview.chromium.org/907793002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201503-12"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2015-01575
Vulnerability from cnvd - Published: 2015-03-12
VLAI Severity ?
Title
Google Chrome拒绝服务漏洞(CNVD-2015-01575)
Description
Google Chrome是一款流行的WEB浏览器。
Google Chrome media/midi/midi_manager_usb.cc文件中的‘MidiManagerUsb::DispatchSendMidiData’函数存在拒绝服务漏洞,远程攻击者可通过利用渲染器提供无效端口索引的访问,使应用程序崩溃。
Severity
高
Patch Name
Google Chrome拒绝服务漏洞(CNVD-2015-01575)的补丁
Patch Description
Google Chrome是一款流行的WEB浏览器。
Google Chrome media/midi/midi_manager_usb.cc文件中的‘MidiManagerUsb::DispatchSendMidiData’函数存在拒绝服务漏洞,远程攻击者可通过利用渲染器提供无效端口索引的访问,使应用程序崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
Google Chrome 41.0.2272.76已经修复该漏洞,建议用户下载更新: http://googlechromereleases.blogspot.com
Reference
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1232
Impacted products
| Name | Google Chrome <41.0.2272.76 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-1232"
}
},
"description": "Google Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002 \r\n\r\nGoogle Chrome media/midi/midi_manager_usb.cc\u6587\u4ef6\u4e2d\u7684\u2018MidiManagerUsb::DispatchSendMidiData\u2019\u51fd\u6570\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5229\u7528\u6e32\u67d3\u5668\u63d0\u4f9b\u65e0\u6548\u7aef\u53e3\u7d22\u5f15\u7684\u8bbf\u95ee\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
"discovererName": "Google",
"formalWay": "Google Chrome 41.0.2272.76\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a \r\nhttp://googlechromereleases.blogspot.com",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-01575",
"openTime": "2015-03-12",
"patchDescription": "Google Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002 \r\n\r\nGoogle Chrome media/midi/midi_manager_usb.cc\u6587\u4ef6\u4e2d\u7684\u2018MidiManagerUsb::DispatchSendMidiData\u2019\u51fd\u6570\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5229\u7528\u6e32\u67d3\u5668\u63d0\u4f9b\u65e0\u6548\u7aef\u53e3\u7d22\u5f15\u7684\u8bbf\u95ee\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-01575\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c41.0.2272.76"
},
"referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1232",
"serverity": "\u9ad8",
"submitTime": "2015-03-10",
"title": "Google Chrome\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-01575\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…