Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1696 (GCVE-0-2016-1696)
Vulnerability from cvelistv5 – Published: 2016-06-05 23:00 – Updated: 2024-08-05 23:02
VLAI
EPSS
Summary
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://googlechromereleases.blogspot.com/2016/06/… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2016:1201 | vendor-advisoryx_refsource_REDHAT |
| https://codereview.chromium.org/1866103002 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1036026 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://crbug.com/601073 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3594 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2016-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
},
{
"name": "RHSA-2016:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1866103002"
},
{
"name": "1036026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036026"
},
{
"name": "openSUSE-SU-2016:1496",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/601073"
},
{
"name": "DSA-3594",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3594"
},
{
"name": "SUSE-SU-2016:1490",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html"
},
{
"name": "openSUSE-SU-2016:1489",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-26T14:57:01.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
},
{
"name": "RHSA-2016:1201",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1866103002"
},
{
"name": "1036026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036026"
},
{
"name": "openSUSE-SU-2016:1496",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/601073"
},
{
"name": "DSA-3594",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3594"
},
{
"name": "SUSE-SU-2016:1490",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html"
},
{
"name": "openSUSE-SU-2016:1489",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
},
{
"name": "RHSA-2016:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
},
{
"name": "https://codereview.chromium.org/1866103002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1866103002"
},
{
"name": "1036026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036026"
},
{
"name": "openSUSE-SU-2016:1496",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name": "https://crbug.com/601073",
"refsource": "CONFIRM",
"url": "https://crbug.com/601073"
},
{
"name": "DSA-3594",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3594"
},
{
"name": "SUSE-SU-2016:1490",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html"
},
{
"name": "openSUSE-SU-2016:1489",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1696",
"datePublished": "2016-06-05T23:00:00.000Z",
"dateReserved": "2016-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:12.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-1696",
"date": "2026-05-27",
"epss": "0.01453",
"percentile": "0.81058"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"51.0.2704.63\", \"matchCriteriaId\": \"5632B7FF-1930-4ADF-BBA1-C11FD636C7E7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBC8B78D-1131-4F21-919D-8AC79A410FB9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"El subsistema de extensiones en Google Chrome en versiones anteriores a 51.0.2704.79 no restringe adecuadamente accesos vinculantes, lo que permite a atacantes remotos eleduir la Same Origin Policy a trav\\u00e9s de vectores no especificados.\"}]",
"id": "CVE-2016-1696",
"lastModified": "2024-11-21T02:46:54.410",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-06-05T23:59:26.260",
"references": "[{\"url\": \"http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3594\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036026\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1201\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://codereview.chromium.org/1866103002\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/601073\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3594\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1201\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://codereview.chromium.org/1866103002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/601073\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-254\"}, {\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-1696\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2016-06-05T23:59:26.260\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"El subsistema de extensiones en Google Chrome en versiones anteriores a 51.0.2704.79 no restringe adecuadamente accesos vinculantes, lo que permite a atacantes remotos eleduir la Same Origin Policy a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-254\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"51.0.2704.63\",\"matchCriteriaId\":\"5632B7FF-1930-4ADF-BBA1-C11FD636C7E7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBC8B78D-1131-4F21-919D-8AC79A410FB9\"}]}]}],\"references\":[{\"url\":\"http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3594\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id/1036026\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1201\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://codereview.chromium.org/1866103002\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/601073\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3594\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://codereview.chromium.org/1866103002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/601073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2016_1201
Vulnerability from csaf_redhat - Published: 2016-06-02 18:00 - Updated: 2024-11-14 19:02Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Important
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 51.0.2704.79.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1696, CVE-2016-1697, CVE-2016-1703, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
6.8 ()
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
6.8 ()
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.
4.3 ()
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.
4.3 ()
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.
4.3 ()
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.
4.3 ()
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.
4.3 ()
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
6.8 ()
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 51.0.2704.79.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1696, CVE-2016-1697, CVE-2016-1703, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:1201",
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
},
{
"category": "external",
"summary": "1342001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342001"
},
{
"category": "external",
"summary": "1342002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342002"
},
{
"category": "external",
"summary": "1342003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342003"
},
{
"category": "external",
"summary": "1342004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342004"
},
{
"category": "external",
"summary": "1342005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342005"
},
{
"category": "external",
"summary": "1342007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342007"
},
{
"category": "external",
"summary": "1342008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342008"
},
{
"category": "external",
"summary": "1342009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342009"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1201.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T19:02:53+00:00",
"generator": {
"date": "2024-11-14T19:02:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:1201",
"initial_release_date": "2016-06-02T18:00:59+00:00",
"revision_history": [
{
"date": "2016-06-02T18:00:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-06-02T18:00:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T19:02:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"product_id": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@51.0.2704.79-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:51.0.2704.79-1.el6.i686",
"product": {
"name": "chromium-browser-0:51.0.2704.79-1.el6.i686",
"product_id": "chromium-browser-0:51.0.2704.79-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@51.0.2704.79-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"product": {
"name": "chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"product_id": "chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@51.0.2704.79-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@51.0.2704.79-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:51.0.2704.79-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686"
},
"product_reference": "chromium-browser-0:51.0.2704.79-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:51.0.2704.79-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:51.0.2704.79-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686"
},
"product_reference": "chromium-browser-0:51.0.2704.79-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:51.0.2704.79-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:51.0.2704.79-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686"
},
"product_reference": "chromium-browser-0:51.0.2704.79-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:51.0.2704.79-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1696",
"discovery_date": "2016-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1342001"
}
],
"notes": [
{
"category": "description",
"text": "The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: cross-origin bypass in extension bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1696"
},
{
"category": "external",
"summary": "RHBZ#1342001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1696",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1696"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1696"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
}
],
"release_date": "2016-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-06-02T18:00:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: cross-origin bypass in extension bindings"
},
{
"cve": "CVE-2016-1697",
"discovery_date": "2016-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1342002"
}
],
"notes": [
{
"category": "description",
"text": "The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: cross-origin bypass in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1697"
},
{
"category": "external",
"summary": "RHBZ#1342002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1697",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1697"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
}
],
"release_date": "2016-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-06-02T18:00:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: cross-origin bypass in blink"
},
{
"cve": "CVE-2016-1698",
"discovery_date": "2016-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1342003"
}
],
"notes": [
{
"category": "description",
"text": "The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: information leak in extension bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1698"
},
{
"category": "external",
"summary": "RHBZ#1342003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1698",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1698"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
}
],
"release_date": "2016-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-06-02T18:00:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: information leak in extension bindings"
},
{
"cve": "CVE-2016-1699",
"discovery_date": "2016-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1342004"
}
],
"notes": [
{
"category": "description",
"text": "WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: parameter sanitization failure in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1699"
},
{
"category": "external",
"summary": "RHBZ#1342004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1699"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
}
],
"release_date": "2016-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-06-02T18:00:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: parameter sanitization failure in devtools"
},
{
"cve": "CVE-2016-1700",
"discovery_date": "2016-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1342005"
}
],
"notes": [
{
"category": "description",
"text": "extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use-after-free in extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1700"
},
{
"category": "external",
"summary": "RHBZ#1342005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342005"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1700",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1700"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1700",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1700"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
}
],
"release_date": "2016-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-06-02T18:00:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: use-after-free in extensions"
},
{
"cve": "CVE-2016-1701",
"discovery_date": "2016-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1342007"
}
],
"notes": [
{
"category": "description",
"text": "The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use-after-free in autofill",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1701"
},
{
"category": "external",
"summary": "RHBZ#1342007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1701"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
}
],
"release_date": "2016-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-06-02T18:00:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: use-after-free in autofill"
},
{
"cve": "CVE-2016-1702",
"discovery_date": "2016-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1342008"
}
],
"notes": [
{
"category": "description",
"text": "The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: out-of-bounds read in skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1702"
},
{
"category": "external",
"summary": "RHBZ#1342008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1702",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1702"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1702"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
}
],
"release_date": "2016-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-06-02T18:00:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: out-of-bounds read in skia"
},
{
"cve": "CVE-2016-1703",
"discovery_date": "2016-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1342009"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1703"
},
{
"category": "external",
"summary": "RHBZ#1342009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1703"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1703",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1703"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
}
],
"release_date": "2016-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-06-02T18:00:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1201"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:51.0.2704.79-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:51.0.2704.79-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…