Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-5153 (GCVE-0-2016-5153)
Vulnerability from cvelistv5 – Published: 2016-09-11 10:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://codereview.chromium.org/2188623006 | x_refsource_CONFIRM |
| https://googlechromereleases.blogspot.com/2016/08… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/92717 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1036729 | vdb-entryx_refsource_SECTRACK |
| https://codereview.chromium.org/2189813002/ | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3660 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201610-09 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://rhn.redhat.com/errata/RHSA-2016-1854.html | vendor-advisoryx_refsource_REDHAT |
| https://crbug.com/631052 | x_refsource_CONFIRM |
Date Public ?
2016-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:2250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2188623006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "SUSE-SU-2016:2251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"
},
{
"name": "92717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2189813002/"
},
{
"name": "openSUSE-SU-2016:2349",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"name": "DSA-3660",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "openSUSE-SU-2016:2296",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"
},
{
"name": "RHSA-2016:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/631052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:2250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2188623006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "SUSE-SU-2016:2251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"
},
{
"name": "92717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2189813002/"
},
{
"name": "openSUSE-SU-2016:2349",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"name": "DSA-3660",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "openSUSE-SU-2016:2296",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"
},
{
"name": "RHSA-2016:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/631052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"
},
{
"name": "https://codereview.chromium.org/2188623006",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2188623006"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "SUSE-SU-2016:2251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"
},
{
"name": "92717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036729"
},
{
"name": "https://codereview.chromium.org/2189813002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2189813002/"
},
{
"name": "openSUSE-SU-2016:2349",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"name": "DSA-3660",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "openSUSE-SU-2016:2296",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"
},
{
"name": "RHSA-2016:1854",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"name": "https://crbug.com/631052",
"refsource": "CONFIRM",
"url": "https://crbug.com/631052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5153",
"datePublished": "2016-09-11T10:00:00.000Z",
"dateReserved": "2016-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-5153",
"date": "2026-05-24",
"epss": "0.01673",
"percentile": "0.82375"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"52.0.2743.116\", \"matchCriteriaId\": \"2B9B1F3E-5ED5-490F-9AB5-B2065C2C99FF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n de Web Animations en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux, conf\\u00eda indebidamente en la iteraci\\u00f3n de lista, lo que permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (uso despu\\u00e9s de destrucci\\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\\u00e9s de un sitio web manipulado.\"}]",
"id": "CVE-2016-5153",
"lastModified": "2024-11-21T02:53:43.740",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-09-11T10:59:08.943",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1854.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3660\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/92717\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036729\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://codereview.chromium.org/2188623006\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://codereview.chromium.org/2189813002/\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/631052\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201610-09\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1854.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3660\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/92717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://codereview.chromium.org/2188623006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://codereview.chromium.org/2189813002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/631052\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201610-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-19\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-5153\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2016-09-11T10:59:08.943\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de Web Animations en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux, conf\u00eda indebidamente en la iteraci\u00f3n de lista, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (uso despu\u00e9s de destrucci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de un sitio web manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-19\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"52.0.2743.116\",\"matchCriteriaId\":\"2B9B1F3E-5ED5-490F-9AB5-B2065C2C99FF\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1854.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3660\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/92717\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id/1036729\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://codereview.chromium.org/2188623006\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://codereview.chromium.org/2189813002/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/631052\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201610-09\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1854.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3660\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/92717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://codereview.chromium.org/2188623006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://codereview.chromium.org/2189813002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/631052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201610-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2016_1854
Vulnerability from csaf_redhat - Published: 2016-09-12 19:39 - Updated: 2024-11-14 20:48Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Important
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 53.0.2785.89.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
4.3 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
110 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.89.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:1854",
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"category": "external",
"summary": "1372207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372207"
},
{
"category": "external",
"summary": "1372208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372208"
},
{
"category": "external",
"summary": "1372209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372209"
},
{
"category": "external",
"summary": "1372210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372210"
},
{
"category": "external",
"summary": "1372212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372212"
},
{
"category": "external",
"summary": "1372213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372213"
},
{
"category": "external",
"summary": "1372214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372214"
},
{
"category": "external",
"summary": "1372215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372215"
},
{
"category": "external",
"summary": "1372216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372216"
},
{
"category": "external",
"summary": "1372217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372217"
},
{
"category": "external",
"summary": "1372218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372218"
},
{
"category": "external",
"summary": "1372219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372219"
},
{
"category": "external",
"summary": "1372220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372220"
},
{
"category": "external",
"summary": "1372221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372221"
},
{
"category": "external",
"summary": "1372222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372222"
},
{
"category": "external",
"summary": "1372223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372223"
},
{
"category": "external",
"summary": "1372224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372224"
},
{
"category": "external",
"summary": "1372225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372225"
},
{
"category": "external",
"summary": "1372227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372227"
},
{
"category": "external",
"summary": "1372228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372228"
},
{
"category": "external",
"summary": "1372229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372229"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1854.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T20:48:08+00:00",
"generator": {
"date": "2024-11-14T20:48:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:1854",
"initial_release_date": "2016-09-12T19:39:33+00:00",
"revision_history": [
{
"date": "2016-09-12T19:39:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-09-12T19:39:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T20:48:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product_id": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.89-3.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product_id": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.89-3.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product_id": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.89-3.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.89-3.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5147",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372207"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5147"
},
{
"category": "external",
"summary": "RHBZ#1372207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5147"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5148",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372208"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5148"
},
{
"category": "external",
"summary": "RHBZ#1372208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5148",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5148"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5149",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372209"
}
],
"notes": [
{
"category": "description",
"text": "The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: script injection in extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5149"
},
{
"category": "external",
"summary": "RHBZ#1372209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5149"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: script injection in extensions"
},
{
"cve": "CVE-2016-5150",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372210"
}
],
"notes": [
{
"category": "description",
"text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5150"
},
{
"category": "external",
"summary": "RHBZ#1372210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5150",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5150"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in blink"
},
{
"cve": "CVE-2016-5151",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372212"
}
],
"notes": [
{
"category": "description",
"text": "PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5151"
},
{
"category": "external",
"summary": "RHBZ#1372212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5151",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5151"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2016-5152",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372213"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "RHBZ#1372213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372213"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5152",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5152"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5153",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372214"
}
],
"notes": [
{
"category": "description",
"text": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after destruction in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5153"
},
{
"category": "external",
"summary": "RHBZ#1372214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5153"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after destruction in blink"
},
{
"cve": "CVE-2016-5154",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372215"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5154"
},
{
"category": "external",
"summary": "RHBZ#1372215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372215"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5154",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5154"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5155",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372216"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5155"
},
{
"category": "external",
"summary": "RHBZ#1372216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5155",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5155"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: address bar spoofing"
},
{
"cve": "CVE-2016-5156",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372217"
}
],
"notes": [
{
"category": "description",
"text": "extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in event bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5156"
},
{
"category": "external",
"summary": "RHBZ#1372217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5156"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in event bindings"
},
{
"cve": "CVE-2016-5157",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372218"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5157"
},
{
"category": "external",
"summary": "RHBZ#1372218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5157",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5157"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5158",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372219"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap overflow due to unsafe use of opj_aligned_malloc",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "RHBZ#1372219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5158",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5158"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjpeg: heap overflow due to unsafe use of opj_aligned_malloc"
},
{
"cve": "CVE-2016-5159",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372220"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap overflow in parsing of JPEG2000 code blocks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5159"
},
{
"category": "external",
"summary": "RHBZ#1372220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5159",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5159"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjpeg: heap overflow in parsing of JPEG2000 code blocks"
},
{
"cve": "CVE-2016-5160",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372228"
}
],
"notes": [
{
"category": "description",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: extensions web accessible resources bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5160"
},
{
"category": "external",
"summary": "RHBZ#1372228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5160"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: extensions web accessible resources bypass"
},
{
"cve": "CVE-2016-5161",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372221"
}
],
"notes": [
{
"category": "description",
"text": "The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: type confusion in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5161"
},
{
"category": "external",
"summary": "RHBZ#1372221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: type confusion in blink"
},
{
"cve": "CVE-2016-5162",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372222"
}
],
"notes": [
{
"category": "description",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: extensions web accessible resources bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5162"
},
{
"category": "external",
"summary": "RHBZ#1372222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5162",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5162"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: extensions web accessible resources bypass"
},
{
"cve": "CVE-2016-5163",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372223"
}
],
"notes": [
{
"category": "description",
"text": "The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5163"
},
{
"category": "external",
"summary": "RHBZ#1372223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372223"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5163",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5163"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: address bar spoofing"
},
{
"cve": "CVE-2016-5164",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372224"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss using devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5164"
},
{
"category": "external",
"summary": "RHBZ#1372224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5164",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5164"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: universal xss using devtools"
},
{
"cve": "CVE-2016-5165",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372225"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL\u0027s query string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: script injection in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5165"
},
{
"category": "external",
"summary": "RHBZ#1372225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5165",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5165"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: script injection in devtools"
},
{
"cve": "CVE-2016-5166",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372227"
}
],
"notes": [
{
"category": "description",
"text": "The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the \"Save page as\" menu choice.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: smb relay attack via save page as",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5166"
},
{
"category": "external",
"summary": "RHBZ#1372227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372227"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5166"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: smb relay attack via save page as"
},
{
"cve": "CVE-2016-5167",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372229"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5167"
},
{
"category": "external",
"summary": "RHBZ#1372229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
}
]
}
SUSE-SU-2016:2250-1
Vulnerability from csaf_suse - Published: 2016-09-01 12:42 - Updated: 2016-09-01 12:42Summary
Security update for Chromium
Severity
Important
Notes
Title of the patch: Security update for Chromium
Description of the patch: Chromium was updated to 53.0.2785.89 to fix a number of security issues.
The following vulnerabilities were fixed: (boo#996648)
- CVE-2016-5147: Universal XSS in Blink.
- CVE-2016-5148: Universal XSS in Blink.
- CVE-2016-5149: Script injection in extensions.
- CVE-2016-5150: Use after free in Blink.
- CVE-2016-5151: Use after free in PDFium.
- CVE-2016-5152: Heap overflow in PDFium.
- CVE-2016-5153: Use after destruction in Blink.
- CVE-2016-5154: Heap overflow in PDFium.
- CVE-2016-5155: Address bar spoofing.
- CVE-2016-5156: Use after free in event bindings.
- CVE-2016-5157: Heap overflow in PDFium.
- CVE-2016-5158: Heap overflow in PDFium.
- CVE-2016-5159: Heap overflow in PDFium.
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass.
- CVE-2016-5163: Address bar spoofing.
- CVE-2016-5164: Universal XSS using DevTools.
- CVE-2016-5165: Script injection in DevTools.
- CVE-2016-5166: SMB Relay Attack via Save Page As.
- CVE-2016-5160: Extensions web accessible resources bypass.
A number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)
Patchnames: 5568
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
67 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "Chromium was updated to 53.0.2785.89 to fix a number of security issues.\n\nThe following vulnerabilities were fixed: (boo#996648)\n\n- CVE-2016-5147: Universal XSS in Blink.\n- CVE-2016-5148: Universal XSS in Blink.\n- CVE-2016-5149: Script injection in extensions.\n- CVE-2016-5150: Use after free in Blink.\n- CVE-2016-5151: Use after free in PDFium.\n- CVE-2016-5152: Heap overflow in PDFium.\n- CVE-2016-5153: Use after destruction in Blink.\n- CVE-2016-5154: Heap overflow in PDFium.\n- CVE-2016-5155: Address bar spoofing.\n- CVE-2016-5156: Use after free in event bindings.\n- CVE-2016-5157: Heap overflow in PDFium.\n- CVE-2016-5158: Heap overflow in PDFium.\n- CVE-2016-5159: Heap overflow in PDFium.\n- CVE-2016-5161: Type confusion in Blink.\n- CVE-2016-5162: Extensions web accessible resources bypass.\n- CVE-2016-5163: Address bar spoofing.\n- CVE-2016-5164: Universal XSS using DevTools.\n- CVE-2016-5165: Script injection in DevTools.\n- CVE-2016-5166: SMB Relay Attack via Save Page As.\n- CVE-2016-5160: Extensions web accessible resources bypass.\n\nA number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)",
"title": "Description of the patch"
},
{
"category": "details",
"text": "5568",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2250-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2250-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162250-1/"
},
{
"category": "self",
"summary": "SUSE Bug 995932",
"url": "https://bugzilla.suse.com/995932"
},
{
"category": "self",
"summary": "SUSE Bug 996032",
"url": "https://bugzilla.suse.com/996032"
},
{
"category": "self",
"summary": "SUSE Bug 99606",
"url": "https://bugzilla.suse.com/99606"
},
{
"category": "self",
"summary": "SUSE Bug 996648",
"url": "https://bugzilla.suse.com/996648"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5147 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5148 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5149 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5150 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5151 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5152 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5153 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5155 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5157 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5158 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5159 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5160 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5161 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5162 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5163 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5164 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5166/"
}
],
"title": "Security update for Chromium",
"tracking": {
"current_release_date": "2016-09-01T12:42:13Z",
"generator": {
"date": "2016-09-01T12:42:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2250-1",
"initial_release_date": "2016-09-01T12:42:13Z",
"revision_history": [
{
"date": "2016-09-01T12:42:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromedriver-53.0.2785.89-96.1.x86_64",
"product_id": "chromedriver-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromedriver-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5147"
}
],
"notes": [
{
"category": "general",
"text": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5147",
"url": "https://www.suse.com/security/cve/CVE-2016-5147"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5147",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5147"
},
{
"cve": "CVE-2016-5148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5148"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5148",
"url": "https://www.suse.com/security/cve/CVE-2016-5148"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5148",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5148"
},
{
"cve": "CVE-2016-5149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5149"
}
],
"notes": [
{
"category": "general",
"text": "The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5149",
"url": "https://www.suse.com/security/cve/CVE-2016-5149"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5149",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5149"
},
{
"cve": "CVE-2016-5150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5150"
}
],
"notes": [
{
"category": "general",
"text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5150",
"url": "https://www.suse.com/security/cve/CVE-2016-5150"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5150",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5150"
},
{
"cve": "CVE-2016-5151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5151"
}
],
"notes": [
{
"category": "general",
"text": "PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5151",
"url": "https://www.suse.com/security/cve/CVE-2016-5151"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5151",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5151"
},
{
"cve": "CVE-2016-5152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5152"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5152",
"url": "https://www.suse.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5152",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5152"
},
{
"cve": "CVE-2016-5153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5153"
}
],
"notes": [
{
"category": "general",
"text": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5153",
"url": "https://www.suse.com/security/cve/CVE-2016-5153"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5153",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5153"
},
{
"cve": "CVE-2016-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5154"
}
],
"notes": [
{
"category": "general",
"text": "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5154",
"url": "https://www.suse.com/security/cve/CVE-2016-5154"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5154",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5154"
},
{
"cve": "CVE-2016-5155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5155"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5155",
"url": "https://www.suse.com/security/cve/CVE-2016-5155"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5155",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5155"
},
{
"cve": "CVE-2016-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5156"
}
],
"notes": [
{
"category": "general",
"text": "extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5156",
"url": "https://www.suse.com/security/cve/CVE-2016-5156"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5156",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5156"
},
{
"cve": "CVE-2016-5157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5157"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5157",
"url": "https://www.suse.com/security/cve/CVE-2016-5157"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5157",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5157"
},
{
"cve": "CVE-2016-5158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5158"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5158",
"url": "https://www.suse.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5158",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5158"
},
{
"cve": "CVE-2016-5159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5159"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5159",
"url": "https://www.suse.com/security/cve/CVE-2016-5159"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5159",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5159"
},
{
"cve": "CVE-2016-5160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5160"
}
],
"notes": [
{
"category": "general",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5160",
"url": "https://www.suse.com/security/cve/CVE-2016-5160"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5160",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5160"
},
{
"cve": "CVE-2016-5161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5161"
}
],
"notes": [
{
"category": "general",
"text": "The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5161",
"url": "https://www.suse.com/security/cve/CVE-2016-5161"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5161",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5161"
},
{
"cve": "CVE-2016-5162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5162"
}
],
"notes": [
{
"category": "general",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5162",
"url": "https://www.suse.com/security/cve/CVE-2016-5162"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5162",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5162"
},
{
"cve": "CVE-2016-5163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5163"
}
],
"notes": [
{
"category": "general",
"text": "The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5163",
"url": "https://www.suse.com/security/cve/CVE-2016-5163"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5163",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5163"
},
{
"cve": "CVE-2016-5164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5164"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5164",
"url": "https://www.suse.com/security/cve/CVE-2016-5164"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5164",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5164"
},
{
"cve": "CVE-2016-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5165"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL\u0027s query string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5165",
"url": "https://www.suse.com/security/cve/CVE-2016-5165"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5165",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5165"
},
{
"cve": "CVE-2016-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5166"
}
],
"notes": [
{
"category": "general",
"text": "The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the \"Save page as\" menu choice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5166",
"url": "https://www.suse.com/security/cve/CVE-2016-5166"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5166",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5166"
}
]
}
SUSE-SU-2016:2251-1
Vulnerability from csaf_suse - Published: 2016-09-01 12:42 - Updated: 2016-09-01 12:42Summary
Security update for Chromium
Severity
Important
Notes
Title of the patch: Security update for Chromium
Description of the patch: Chromium was updated to 53.0.2785.89 to fix a number of security issues.
The following vulnerabilities were fixed: (boo#996648)
- CVE-2016-5147: Universal XSS in Blink.
- CVE-2016-5148: Universal XSS in Blink.
- CVE-2016-5149: Script injection in extensions.
- CVE-2016-5150: Use after free in Blink.
- CVE-2016-5151: Use after free in PDFium.
- CVE-2016-5152: Heap overflow in PDFium.
- CVE-2016-5153: Use after destruction in Blink.
- CVE-2016-5154: Heap overflow in PDFium.
- CVE-2016-5155: Address bar spoofing.
- CVE-2016-5156: Use after free in event bindings.
- CVE-2016-5157: Heap overflow in PDFium.
- CVE-2016-5158: Heap overflow in PDFium.
- CVE-2016-5159: Heap overflow in PDFium.
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass.
- CVE-2016-5163: Address bar spoofing.
- CVE-2016-5164: Universal XSS using DevTools.
- CVE-2016-5165: Script injection in DevTools.
- CVE-2016-5166: SMB Relay Attack via Save Page As.
- CVE-2016-5160: Extensions web accessible resources bypass.
A number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)
Patchnames: 5568
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
68 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "Chromium was updated to 53.0.2785.89 to fix a number of security issues.\n\nThe following vulnerabilities were fixed: (boo#996648)\n\n- CVE-2016-5147: Universal XSS in Blink.\n- CVE-2016-5148: Universal XSS in Blink.\n- CVE-2016-5149: Script injection in extensions.\n- CVE-2016-5150: Use after free in Blink.\n- CVE-2016-5151: Use after free in PDFium.\n- CVE-2016-5152: Heap overflow in PDFium.\n- CVE-2016-5153: Use after destruction in Blink.\n- CVE-2016-5154: Heap overflow in PDFium.\n- CVE-2016-5155: Address bar spoofing.\n- CVE-2016-5156: Use after free in event bindings.\n- CVE-2016-5157: Heap overflow in PDFium.\n- CVE-2016-5158: Heap overflow in PDFium.\n- CVE-2016-5159: Heap overflow in PDFium.\n- CVE-2016-5161: Type confusion in Blink.\n- CVE-2016-5162: Extensions web accessible resources bypass.\n- CVE-2016-5163: Address bar spoofing.\n- CVE-2016-5164: Universal XSS using DevTools.\n- CVE-2016-5165: Script injection in DevTools.\n- CVE-2016-5166: SMB Relay Attack via Save Page As.\n- CVE-2016-5160: Extensions web accessible resources bypass.\n\nA number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)",
"title": "Description of the patch"
},
{
"category": "details",
"text": "5568",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2251-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2251-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162251-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2251-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-September/002259.html"
},
{
"category": "self",
"summary": "SUSE Bug 995932",
"url": "https://bugzilla.suse.com/995932"
},
{
"category": "self",
"summary": "SUSE Bug 996032",
"url": "https://bugzilla.suse.com/996032"
},
{
"category": "self",
"summary": "SUSE Bug 99606",
"url": "https://bugzilla.suse.com/99606"
},
{
"category": "self",
"summary": "SUSE Bug 996648",
"url": "https://bugzilla.suse.com/996648"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5147 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5148 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5149 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5150 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5151 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5152 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5153 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5155 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5157 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5158 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5159 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5160 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5161 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5162 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5163 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5164 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5166/"
}
],
"title": "Security update for Chromium",
"tracking": {
"current_release_date": "2016-09-01T12:42:13Z",
"generator": {
"date": "2016-09-01T12:42:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2251-1",
"initial_release_date": "2016-09-01T12:42:13Z",
"revision_history": [
{
"date": "2016-09-01T12:42:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromedriver-53.0.2785.89-96.1.x86_64",
"product_id": "chromedriver-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromedriver-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5147"
}
],
"notes": [
{
"category": "general",
"text": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5147",
"url": "https://www.suse.com/security/cve/CVE-2016-5147"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5147",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5147"
},
{
"cve": "CVE-2016-5148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5148"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5148",
"url": "https://www.suse.com/security/cve/CVE-2016-5148"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5148",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5148"
},
{
"cve": "CVE-2016-5149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5149"
}
],
"notes": [
{
"category": "general",
"text": "The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5149",
"url": "https://www.suse.com/security/cve/CVE-2016-5149"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5149",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5149"
},
{
"cve": "CVE-2016-5150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5150"
}
],
"notes": [
{
"category": "general",
"text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5150",
"url": "https://www.suse.com/security/cve/CVE-2016-5150"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5150",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5150"
},
{
"cve": "CVE-2016-5151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5151"
}
],
"notes": [
{
"category": "general",
"text": "PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5151",
"url": "https://www.suse.com/security/cve/CVE-2016-5151"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5151",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5151"
},
{
"cve": "CVE-2016-5152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5152"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5152",
"url": "https://www.suse.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5152",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5152"
},
{
"cve": "CVE-2016-5153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5153"
}
],
"notes": [
{
"category": "general",
"text": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5153",
"url": "https://www.suse.com/security/cve/CVE-2016-5153"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5153",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5153"
},
{
"cve": "CVE-2016-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5154"
}
],
"notes": [
{
"category": "general",
"text": "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5154",
"url": "https://www.suse.com/security/cve/CVE-2016-5154"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5154",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5154"
},
{
"cve": "CVE-2016-5155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5155"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5155",
"url": "https://www.suse.com/security/cve/CVE-2016-5155"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5155",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5155"
},
{
"cve": "CVE-2016-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5156"
}
],
"notes": [
{
"category": "general",
"text": "extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5156",
"url": "https://www.suse.com/security/cve/CVE-2016-5156"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5156",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5156"
},
{
"cve": "CVE-2016-5157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5157"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5157",
"url": "https://www.suse.com/security/cve/CVE-2016-5157"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5157",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5157"
},
{
"cve": "CVE-2016-5158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5158"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5158",
"url": "https://www.suse.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5158",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5158"
},
{
"cve": "CVE-2016-5159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5159"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5159",
"url": "https://www.suse.com/security/cve/CVE-2016-5159"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5159",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5159"
},
{
"cve": "CVE-2016-5160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5160"
}
],
"notes": [
{
"category": "general",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5160",
"url": "https://www.suse.com/security/cve/CVE-2016-5160"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5160",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5160"
},
{
"cve": "CVE-2016-5161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5161"
}
],
"notes": [
{
"category": "general",
"text": "The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5161",
"url": "https://www.suse.com/security/cve/CVE-2016-5161"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5161",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5161"
},
{
"cve": "CVE-2016-5162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5162"
}
],
"notes": [
{
"category": "general",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5162",
"url": "https://www.suse.com/security/cve/CVE-2016-5162"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5162",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5162"
},
{
"cve": "CVE-2016-5163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5163"
}
],
"notes": [
{
"category": "general",
"text": "The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5163",
"url": "https://www.suse.com/security/cve/CVE-2016-5163"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5163",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5163"
},
{
"cve": "CVE-2016-5164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5164"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5164",
"url": "https://www.suse.com/security/cve/CVE-2016-5164"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5164",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5164"
},
{
"cve": "CVE-2016-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5165"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL\u0027s query string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5165",
"url": "https://www.suse.com/security/cve/CVE-2016-5165"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5165",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5165"
},
{
"cve": "CVE-2016-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5166"
}
],
"notes": [
{
"category": "general",
"text": "The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the \"Save page as\" menu choice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5166",
"url": "https://www.suse.com/security/cve/CVE-2016-5166"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5166",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5166"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…