CVE-2016-5194 (GCVE-0-2016-5194)
Vulnerability from cvelistv5 – Published: 2019-11-20 14:54 – Updated: 2024-08-06 00:53
- various fixes from internal audits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "before 54.0.2840.59"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "various fixes from internal audits",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T14:54:51",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "before 54.0.2840.59"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "various fixes from internal audits"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5194",
"datePublished": "2019-11-20T14:54:51",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"54.0.2840.59\", \"matchCriteriaId\": \"7EB7250E-5DFB-4982-8A22-72CE8D045997\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidades no especificadas en Google Chrome versiones anteriores a la versi\\u00f3n 54.0.2840.59.\"}]",
"id": "CVE-2016-5194",
"lastModified": "2024-11-21T02:53:48.713",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-11-20T15:15:11.443",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-5194\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-11-20T15:15:11.443\",\"lastModified\":\"2024-11-21T02:53:48.713\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidades no especificadas en Google Chrome versiones anteriores a la versi\u00f3n 54.0.2840.59.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"54.0.2840.59\",\"matchCriteriaId\":\"7EB7250E-5DFB-4982-8A22-72CE8D045997\"}]}]}],\"referen
ces\":[{\"url\":\"https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GHSA-9599-WJXJ-X99M
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
{
"affected": [],
"aliases": [
"CVE-2016-5194"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-20T15:15:00Z",
"severity": "HIGH"
},
"details": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.",
"id": "GHSA-9599-wjxj-x99m",
"modified": "2022-05-24T17:01:36Z",
"published": "2022-05-24T17:01:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5194"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
RHSA-2016:2067
Vulnerability from csaf_redhat - Published: 2016-10-17 08:42 - Updated: 2025-11-21 17:57
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 54.0.2840.59.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5194, CVE-2016-5186, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2067",
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
},
{
"category": "external",
"summary": "1384347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384347"
},
{
"category": "external",
"summary": "1384348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384348"
},
{
"category": "external",
"summary": "1384349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384349"
},
{
"category": "external",
"summary": "1384350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384350"
},
{
"category": "external",
"summary": "1384352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384352"
},
{
"category": "external",
"summary": "1384354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384354"
},
{
"category": "external",
"summary": "1384355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384355"
},
{
"category": "external",
"summary": "1384357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384357"
},
{
"category": "external",
"summary": "1384358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384358"
},
{
"category": "external",
"summary": "1384360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384360"
},
{
"category": "external",
"summary": "1384361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384361"
},
{
"category": "external",
"summary": "1384362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384362"
},
{
"category": "external",
"summary": "1384364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384364"
},
{
"category": "external",
"summary": "1384365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384365"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2067.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2025-11-21T17:57:52+00:00",
"generator": {
"date": "2025-11-21T17:57:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2016:2067",
"initial_release_date": "2016-10-17T08:42:02+00:00",
"revision_history": [
{
"date": "2016-10-17T08:42:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-10-17T08:42:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:57:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"product": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"product_id": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@54.0.2840.59-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@54.0.2840.59-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"product": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"product_id": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@54.0.2840.59-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"product_id": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@54.0.2840.59-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5181",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384347"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5181"
},
{
"category": "external",
"summary": "RHBZ#1384347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5181"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5182",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384348"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5182"
},
{
"category": "external",
"summary": "RHBZ#1384348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384348"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5182"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in blink"
},
{
"cve": "CVE-2016-5183",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384349"
}
],
"notes": [
{
"category": "description",
"text": "A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5183"
},
{
"category": "external",
"summary": "RHBZ#1384349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384349"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5183"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2016-5184",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384350"
}
],
"notes": [
{
"category": "description",
"text": "PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5184"
},
{
"category": "external",
"summary": "RHBZ#1384350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5184",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5184"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2016-5185",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384352"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5185"
},
{
"category": "external",
"summary": "RHBZ#1384352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5185",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5185"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in blink"
},
{
"cve": "CVE-2016-5186",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384360"
}
],
"notes": [
{
"category": "description",
"text": "Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: out of bounds read in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5186"
},
{
"category": "external",
"summary": "RHBZ#1384360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5186",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5186"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: out of bounds read in devtools"
},
{
"cve": "CVE-2016-5187",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384354"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: url spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5187"
},
{
"category": "external",
"summary": "RHBZ#1384354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384354"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5187"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: url spoofing"
},
{
"cve": "CVE-2016-5188",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384355"
}
],
"notes": [
{
"category": "description",
"text": "Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: ui spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5188"
},
{
"category": "external",
"summary": "RHBZ#1384355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384355"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5188"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: ui spoofing"
},
{
"cve": "CVE-2016-5189",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384358"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: url spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5189"
},
{
"category": "external",
"summary": "RHBZ#1384358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5189"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: url spoofing"
},
{
"cve": "CVE-2016-5190",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384362"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in internals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5190"
},
{
"category": "external",
"summary": "RHBZ#1384362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5190"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: use after free in internals"
},
{
"cve": "CVE-2016-5191",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384361"
}
],
"notes": [
{
"category": "description",
"text": "Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in bookmarks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5191"
},
{
"category": "external",
"summary": "RHBZ#1384361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5191"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: universal xss in bookmarks"
},
{
"cve": "CVE-2016-5192",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384357"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: cross-origin bypass in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5192"
},
{
"category": "external",
"summary": "RHBZ#1384357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384357"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5192",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5192"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: cross-origin bypass in blink"
},
{
"cve": "CVE-2016-5193",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384364"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: scheme bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5193"
},
{
"category": "external",
"summary": "RHBZ#1384364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5193"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: scheme bypass"
},
{
"cve": "CVE-2016-5194",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384365"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5194"
},
{
"category": "external",
"summary": "RHBZ#1384365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5194",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5194"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
}
]
}
RHSA-2016_2067
Vulnerability from csaf_redhat - Published: 2016-10-17 08:42 - Updated: 2024-11-14 20:48
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 54.0.2840.59.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5194, CVE-2016-5186, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2067",
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
},
{
"category": "external",
"summary": "1384347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384347"
},
{
"category": "external",
"summary": "1384348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384348"
},
{
"category": "external",
"summary": "1384349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384349"
},
{
"category": "external",
"summary": "1384350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384350"
},
{
"category": "external",
"summary": "1384352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384352"
},
{
"category": "external",
"summary": "1384354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384354"
},
{
"category": "external",
"summary": "1384355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384355"
},
{
"category": "external",
"summary": "1384357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384357"
},
{
"category": "external",
"summary": "1384358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384358"
},
{
"category": "external",
"summary": "1384360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384360"
},
{
"category": "external",
"summary": "1384361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384361"
},
{
"category": "external",
"summary": "1384362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384362"
},
{
"category": "external",
"summary": "1384364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384364"
},
{
"category": "external",
"summary": "1384365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384365"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2067.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T20:48:36+00:00",
"generator": {
"date": "2024-11-14T20:48:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:2067",
"initial_release_date": "2016-10-17T08:42:02+00:00",
"revision_history": [
{
"date": "2016-10-17T08:42:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-10-17T08:42:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T20:48:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"product": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"product_id": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@54.0.2840.59-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@54.0.2840.59-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"product": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"product_id": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@54.0.2840.59-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"product_id": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@54.0.2840.59-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5181",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384347"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5181"
},
{
"category": "external",
"summary": "RHBZ#1384347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5181"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5182",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384348"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5182"
},
{
"category": "external",
"summary": "RHBZ#1384348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384348"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5182"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in blink"
},
{
"cve": "CVE-2016-5183",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384349"
}
],
"notes": [
{
"category": "description",
"text": "A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5183"
},
{
"category": "external",
"summary": "RHBZ#1384349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384349"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5183"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2016-5184",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384350"
}
],
"notes": [
{
"category": "description",
"text": "PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5184"
},
{
"category": "external",
"summary": "RHBZ#1384350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5184",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5184"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2016-5185",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384352"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5185"
},
{
"category": "external",
"summary": "RHBZ#1384352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5185",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5185"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in blink"
},
{
"cve": "CVE-2016-5186",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384360"
}
],
"notes": [
{
"category": "description",
"text": "Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: out of bounds read in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5186"
},
{
"category": "external",
"summary": "RHBZ#1384360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5186",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5186"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: out of bounds read in devtools"
},
{
"cve": "CVE-2016-5187",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384354"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: url spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5187"
},
{
"category": "external",
"summary": "RHBZ#1384354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384354"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5187"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: url spoofing"
},
{
"cve": "CVE-2016-5188",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384355"
}
],
"notes": [
{
"category": "description",
"text": "Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: ui spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5188"
},
{
"category": "external",
"summary": "RHBZ#1384355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384355"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5188"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: ui spoofing"
},
{
"cve": "CVE-2016-5189",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384358"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: url spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5189"
},
{
"category": "external",
"summary": "RHBZ#1384358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5189"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: url spoofing"
},
{
"cve": "CVE-2016-5190",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384362"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in internals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5190"
},
{
"category": "external",
"summary": "RHBZ#1384362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5190"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: use after free in internals"
},
{
"cve": "CVE-2016-5191",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384361"
}
],
"notes": [
{
"category": "description",
"text": "Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in bookmarks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5191"
},
{
"category": "external",
"summary": "RHBZ#1384361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5191"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: universal xss in bookmarks"
},
{
"cve": "CVE-2016-5192",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384357"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: cross-origin bypass in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5192"
},
{
"category": "external",
"summary": "RHBZ#1384357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384357"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5192",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5192"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: cross-origin bypass in blink"
},
{
"cve": "CVE-2016-5193",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384364"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows opened by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: scheme bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5193"
},
{
"category": "external",
"summary": "RHBZ#1384364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5193"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: scheme bypass"
},
{
"cve": "CVE-2016-5194",
"discovery_date": "2016-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1384365"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5194"
},
{
"category": "external",
"summary": "RHBZ#1384365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5194",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5194"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2016-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T08:42:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2067"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
}
]
}
GSD-2016-5194
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2016-5194",
"description": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.",
"id": "GSD-2016-5194",
"references": [
"https://www.debian.org/security/2016/dsa-3731",
"https://access.redhat.com/errata/RHSA-2016:2067",
"https://ubuntu.com/security/CVE-2016-5194",
"https://advisories.mageia.org/CVE-2016-5194.html",
"https://security.archlinux.org/CVE-2016-5194"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-5194"
],
"details": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.",
"id": "GSD-2016-5194",
"modified": "2023-12-13T01:21:25.570110Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "before 54.0.2840.59"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "various fixes from internal audits"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "54.0.2840.59",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5194"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-11-21T13:04Z",
"publishedDate": "2019-11-20T15:15Z"
}
}
}
CERTFR-2016-AVI-345
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Google Chrome. Elle permet à un attaquant de provoquer des problèmes de sécurité non spécifiés par l'éditeur, une injection de code indirecte à distance (XSS) et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Chrome versions antérieures à 54.0.2840.59
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Chrome versions ant\u00e9rieures \u00e0 54.0.2840.59\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5193"
},
{
"name": "CVE-2016-5184",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5184"
},
{
"name": "CVE-2016-5183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5183"
},
{
"name": "CVE-2016-5194",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5194"
},
{
"name": "CVE-2016-5181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5181"
},
{
"name": "CVE-2016-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5188"
},
{
"name": "CVE-2016-5182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5182"
},
{
"name": "CVE-2016-5190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5190"
},
{
"name": "CVE-2016-5191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5191"
},
{
"name": "CVE-2016-5185",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5185"
},
{
"name": "CVE-2016-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5189"
},
{
"name": "CVE-2016-5186",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5186"
},
{
"name": "CVE-2016-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5187"
},
{
"name": "CVE-2016-5192",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5192"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-345",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eGoogle\nChrome\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer des probl\u00e8mes de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9s par l\u0027\u00e9diteur, une injection de code indirecte \u00e0\ndistance (XSS) et une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 13 octobre 2016",
"url": "https://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)"
}
]
}
CERTFR-2016-AVI-345
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Google Chrome. Elle permet à un attaquant de provoquer des problèmes de sécurité non spécifiés par l'éditeur, une injection de code indirecte à distance (XSS) et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Chrome versions antérieures à 54.0.2840.59
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Chrome versions ant\u00e9rieures \u00e0 54.0.2840.59\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5193"
},
{
"name": "CVE-2016-5184",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5184"
},
{
"name": "CVE-2016-5183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5183"
},
{
"name": "CVE-2016-5194",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5194"
},
{
"name": "CVE-2016-5181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5181"
},
{
"name": "CVE-2016-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5188"
},
{
"name": "CVE-2016-5182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5182"
},
{
"name": "CVE-2016-5190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5190"
},
{
"name": "CVE-2016-5191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5191"
},
{
"name": "CVE-2016-5185",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5185"
},
{
"name": "CVE-2016-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5189"
},
{
"name": "CVE-2016-5186",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5186"
},
{
"name": "CVE-2016-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5187"
},
{
"name": "CVE-2016-5192",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5192"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-345",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eGoogle\nChrome\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer des probl\u00e8mes de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9s par l\u0027\u00e9diteur, une injection de code indirecte \u00e0\ndistance (XSS) et une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 13 octobre 2016",
"url": "https://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)"
}
]
}
CNVD-2016-10165
Vulnerability from cnvd - Published: 2016-10-27
用户可参考如下供应商提供的安全公告获得补丁信息: https://googlechromereleases.blogspot.in/2016/10/stable-channel-update-for-desktop.html
| Name | Google Chrome <54.0.2840.59 |
|---|
{
"bids": {
"bid": {
"bidNumber": "93528"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-5194"
}
},
"description": "Google Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684Web\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5b58\u5728\u5728\u591a\u4e2a\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6216\u5f15\u8d77\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u5176\u5b83\u653b\u51fb\u4e5f\u53ef\u4ee5\u662f\u53ef\u80fd\u7684\u3002",
"discovererName": "Google",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://googlechromereleases.blogspot.in/2016/10/stable-channel-update-for-desktop.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-10165",
"openTime": "2016-10-27",
"patchDescription": "Google Chrome\u662f\u4e00\u6b3e\u6d41\u884c\u7684Web\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5b58\u5728\u5728\u591a\u4e2a\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6216\u5f15\u8d77\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u5176\u5b83\u653b\u51fb\u4e5f\u53ef\u4ee5\u662f\u53ef\u80fd\u7684\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff08CNVD-2016-10165\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c54.0.2840.59"
},
"referenceLink": "http://www.securityfocus.com/bid/93528",
"serverity": "\u4e2d",
"submitTime": "2016-10-18",
"title": "Google Chrome\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff08CNVD-2016-10165\uff09"
}
FKIE_CVE-2016-5194
Vulnerability from fkie_nvd - Published: 2019-11-20 15:15 - Updated: 2024-11-21 02:53
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB7250E-5DFB-4982-8A22-72CE8D045997",
"versionEndExcluding": "54.0.2840.59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59."
},
{
"lang": "es",
"value": "Vulnerabilidades no especificadas en Google Chrome versiones anteriores a la versi\u00f3n 54.0.2840.59."
}
],
"id": "CVE-2016-5194",
"lastModified": "2024-11-21T02:53:48.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T15:15:11.443",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.