Vulnerability-Lookup

CVE-2015-6789 (GCVE-0-2015-6789)

Vulnerability from cvelistv5 – Published: 2015-12-14 11:00 – Updated: 2024-08-06 07:29

Summary

Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.

Severity

No CVSS data available.

CWE

Assigner

Chrome

References

10 references

URL	Tags
https://code.google.com/p/chromium/issues/detail?…	x_refsource_CONFIRM
http://googlechromereleases.blogspot.com/2015/12/…	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-2618.html	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.debian.org/security/2015/dsa-3418	vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201603-09	vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/78734	vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-2860-1	vendor-advisoryx_refsource_UBUNTU
https://codereview.chromium.org/1463433002/	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Date Public

2015-12-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://code.google.com/p/chromium/issues/detail?id=557981"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
          },
          {
            "name": "RHSA-2015:2618",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2618.html"
          },
          {
            "name": "openSUSE-SU-2015:2290",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"
          },
          {
            "name": "DSA-3418",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3418"
          },
          {
            "name": "GLSA-201603-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-09"
          },
          {
            "name": "78734",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78734"
          },
          {
            "name": "USN-2860-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2860-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://codereview.chromium.org/1463433002/"
          },
          {
            "name": "openSUSE-SU-2015:2291",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T20:57:01.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://code.google.com/p/chromium/issues/detail?id=557981"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
        },
        {
          "name": "RHSA-2015:2618",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2618.html"
        },
        {
          "name": "openSUSE-SU-2015:2290",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"
        },
        {
          "name": "DSA-3418",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3418"
        },
        {
          "name": "GLSA-201603-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201603-09"
        },
        {
          "name": "78734",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/78734"
        },
        {
          "name": "USN-2860-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2860-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://codereview.chromium.org/1463433002/"
        },
        {
          "name": "openSUSE-SU-2015:2291",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2015-6789",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://code.google.com/p/chromium/issues/detail?id=557981",
              "refsource": "CONFIRM",
              "url": "https://code.google.com/p/chromium/issues/detail?id=557981"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
            },
            {
              "name": "RHSA-2015:2618",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2618.html"
            },
            {
              "name": "openSUSE-SU-2015:2290",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"
            },
            {
              "name": "DSA-3418",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3418"
            },
            {
              "name": "GLSA-201603-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201603-09"
            },
            {
              "name": "78734",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/78734"
            },
            {
              "name": "USN-2860-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2860-1"
            },
            {
              "name": "https://codereview.chromium.org/1463433002/",
              "refsource": "CONFIRM",
              "url": "https://codereview.chromium.org/1463433002/"
            },
            {
              "name": "openSUSE-SU-2015:2291",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2015-6789",
    "datePublished": "2015-12-14T11:00:00.000Z",
    "dateReserved": "2015-08-31T00:00:00.000Z",
    "dateUpdated": "2024-08-06T07:29:24.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-6789",
      "date": "2026-05-27",
      "epss": "0.01599",
      "percentile": "0.81945"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"47.0.2526.73\", \"matchCriteriaId\": \"4F830030-A662-45C2-950D-EC2598644202\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.\"}, {\"lang\": \"es\", \"value\": \"Condici\\u00f3n de carrera en la implementaci\\u00f3n MutationObserver en Blink, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.80, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (uso despu\\u00e9s de liberaci\\u00f3n de memoria) o posiblemente tener otro impacto no especificado mediante el aprovechamiento del borrado de un objeto no previsto.\"}]",
      "evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
      "id": "CVE-2015-6789",
      "lastModified": "2024-11-21T02:35:40.347",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-12-14T11:59:01.573",
      "references": "[{\"url\": \"http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2618.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3418\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/78734\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2860-1\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://code.google.com/p/chromium/issues/detail?id=557981\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://codereview.chromium.org/1463433002/\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201603-09\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2618.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/78734\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2860-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://code.google.com/p/chromium/issues/detail?id=557981\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://codereview.chromium.org/1463433002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201603-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}, {\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6789\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2015-12-14T11:59:01.573\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.\"},{\"lang\":\"es\",\"value\":\"Condici\u00f3n de carrera en la implementaci\u00f3n MutationObserver en Blink, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.80, permite a atacantes remotos causar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n de memoria) o posiblemente tener otro impacto no especificado mediante el aprovechamiento del borrado de un objeto no previsto.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"47.0.2526.73\",\"matchCriteriaId\":\"4F830030-A662-45C2-950D-EC2598644202\"}]}]}],\"references\":[{\"url\":\"http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2618.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3418\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/78734\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2860-1\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=557981\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://codereview.chromium.org/1463433002/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201603-09\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2618.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/78734\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2860-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=557981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://codereview.chromium.org/1463433002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201603-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"https://cwe.mitre.org/data/definitions/416.html\\\"\u003eCWE-416: Use After Free\u003c/a\u003e\"}}"
  }
}

RHSA-2015_2618

Vulnerability from csaf_redhat - Published: 2015-12-14 04:23 - Updated: 2024-11-14 17:17

Summary

Red Hat Security Advisory: chromium-browser security update

Severity

Important

Notes

Topic: Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details: Chromium is an open-source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2015-6788, CVE-2015-6789, CVE-2015-6790, CVE-2015-6791) All Chromium users should upgrade to these updated packages, which contain Chromium version 47.0.2526.80, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2015-6788

The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2015-6789

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-416 - Use After Free

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2015-6790

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2015-6791

Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2015-8548

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

References

29 references

URL	Category
https://access.redhat.com/errata/RHSA-2015:2618	self
https://access.redhat.com/security/updates/classi…	external
http://googlechromereleases.blogspot.com/2015/12/…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1289870	external
https://bugzilla.redhat.com/show_bug.cgi?id=1289874	external
https://bugzilla.redhat.com/show_bug.cgi?id=1289875	external
https://bugzilla.redhat.com/show_bug.cgi?id=1289876	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2015-6788	self
https://bugzilla.redhat.com/show_bug.cgi?id=1289870	external
https://www.cve.org/CVERecord?id=CVE-2015-6788	external
https://nvd.nist.gov/vuln/detail/CVE-2015-6788	external
http://googlechromereleases.blogspot.com/2015/12/…	external
https://access.redhat.com/security/cve/CVE-2015-6789	self
https://bugzilla.redhat.com/show_bug.cgi?id=1289874	external
https://www.cve.org/CVERecord?id=CVE-2015-6789	external
https://nvd.nist.gov/vuln/detail/CVE-2015-6789	external
https://access.redhat.com/security/cve/CVE-2015-6790	self
https://bugzilla.redhat.com/show_bug.cgi?id=1289875	external
https://www.cve.org/CVERecord?id=CVE-2015-6790	external
https://nvd.nist.gov/vuln/detail/CVE-2015-6790	external
https://access.redhat.com/security/cve/CVE-2015-6791	self
https://bugzilla.redhat.com/show_bug.cgi?id=1289876	external
https://www.cve.org/CVERecord?id=CVE-2015-6791	external
https://nvd.nist.gov/vuln/detail/CVE-2015-6791	external
https://access.redhat.com/security/cve/CVE-2015-8548	self
https://bugzilla.redhat.com/show_bug.cgi?id=1291235	external
https://www.cve.org/CVERecord?id=CVE-2015-8548	external
https://nvd.nist.gov/vuln/detail/CVE-2015-8548	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash, execute\narbitrary code, or disclose sensitive information when visited by the\nvictim. (CVE-2015-6788, CVE-2015-6789, CVE-2015-6790, CVE-2015-6791)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 47.0.2526.80, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:2618",
        "url": "https://access.redhat.com/errata/RHSA-2015:2618"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
        "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
      },
      {
        "category": "external",
        "summary": "1289870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289870"
      },
      {
        "category": "external",
        "summary": "1289874",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289874"
      },
      {
        "category": "external",
        "summary": "1289875",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289875"
      },
      {
        "category": "external",
        "summary": "1289876",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289876"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2618.json"
      }
    ],
    "title": "Red Hat Security Advisory: chromium-browser security update",
    "tracking": {
      "current_release_date": "2024-11-14T17:17:32+00:00",
      "generator": {
        "date": "2024-11-14T17:17:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2015:2618",
      "initial_release_date": "2015-12-14T04:23:04+00:00",
      "revision_history": [
        {
          "date": "2015-12-14T04:23:04+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-12-14T04:23:04+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T17:17:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.7.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.7.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.7.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
                "product": {
                  "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
                  "product_id": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@47.0.2526.80-1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "chromium-browser-0:47.0.2526.80-1.el6.x86_64",
                "product": {
                  "name": "chromium-browser-0:47.0.2526.80-1.el6.x86_64",
                  "product_id": "chromium-browser-0:47.0.2526.80-1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser@47.0.2526.80-1.el6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
                "product": {
                  "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
                  "product_id": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@47.0.2526.80-1.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "chromium-browser-0:47.0.2526.80-1.el6.i686",
                "product": {
                  "name": "chromium-browser-0:47.0.2526.80-1.el6.i686",
                  "product_id": "chromium-browser-0:47.0.2526.80-1.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser@47.0.2526.80-1.el6?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:47.0.2526.80-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686"
        },
        "product_reference": "chromium-browser-0:47.0.2526.80-1.el6.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:47.0.2526.80-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-0:47.0.2526.80-1.el6.x86_64",
        "relates_to_product_reference": "6Client-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
        "relates_to_product_reference": "6Client-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:47.0.2526.80-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686"
        },
        "product_reference": "chromium-browser-0:47.0.2526.80-1.el6.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:47.0.2526.80-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-0:47.0.2526.80-1.el6.x86_64",
        "relates_to_product_reference": "6Server-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
        "relates_to_product_reference": "6Server-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:47.0.2526.80-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686"
        },
        "product_reference": "chromium-browser-0:47.0.2526.80-1.el6.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:47.0.2526.80-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-0:47.0.2526.80-1.el6.x86_64",
        "relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
        "relates_to_product_reference": "6Workstation-Supplementary-6.7.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-6788",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "discovery_date": "2015-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1289870"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Type confusion in extensions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-6788"
        },
        {
          "category": "external",
          "summary": "RHBZ#1289870",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289870"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-6788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-6788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-6788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6788"
        },
        {
          "category": "external",
          "summary": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
          "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
        }
      ],
      "release_date": "2015-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-12-14T04:23:04+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:2618"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Type confusion in extensions"
    },
    {
      "cve": "CVE-2015-6789",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2015-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1289874"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use-after free in Blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-6789"
        },
        {
          "category": "external",
          "summary": "RHBZ#1289874",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289874"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-6789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-6789"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-6789",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6789"
        },
        {
          "category": "external",
          "summary": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
          "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
        }
      ],
      "release_date": "2015-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-12-14T04:23:04+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:2618"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use-after free in Blink"
    },
    {
      "cve": "CVE-2015-6790",
      "discovery_date": "2015-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1289875"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Escaping issue in saved pages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-6790"
        },
        {
          "category": "external",
          "summary": "RHBZ#1289875",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289875"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-6790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-6790"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-6790",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6790"
        },
        {
          "category": "external",
          "summary": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
          "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
        }
      ],
      "release_date": "2015-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-12-14T04:23:04+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:2618"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Escaping issue in saved pages"
    },
    {
      "cve": "CVE-2015-6791",
      "discovery_date": "2015-12-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1289876"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-6791"
        },
        {
          "category": "external",
          "summary": "RHBZ#1289876",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289876"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-6791",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-6791"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-6791",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6791"
        },
        {
          "category": "external",
          "summary": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
          "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
        }
      ],
      "release_date": "2015-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-12-14T04:23:04+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:2618"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives"
    },
    {
      "cve": "CVE-2015-8548",
      "discovery_date": "2015-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1291235"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "v8: multiple vulnerabilities fixed in 4.7.80.23",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
          "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-8548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1291235",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291235"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-8548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-8548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8548"
        },
        {
          "category": "external",
          "summary": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
          "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
        }
      ],
      "release_date": "2015-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-12-14T04:23:04+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:2618"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-0:47.0.2526.80-1.el6.x86_64",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.i686",
            "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:47.0.2526.80-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "v8: multiple vulnerabilities fixed in 4.7.80.23"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6789 (GCVE-0-2015-6789)

RHSA-2015_2618

Tags

Sightings

Nomenclature