Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-5018 (GCVE-0-2017-5018)
Vulnerability from cvelistv5 – Published: 2017-02-17 07:45 – Updated: 2024-08-05 14:47
VLAI
EPSS
Summary
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
Severity
No CVSS data available.
CWE
- insufficient policy enforcement
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95792 | vdb-entryx_refsource_BID |
| https://chromereleases.googleblog.com/2017/01/sta… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201701-66 | vendor-advisoryx_refsource_GENTOO |
| https://crbug.com/668665 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-0206.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1037718 | vdb-entryx_refsource_SECTRACK |
| http://www.debian.org/security/2017/dsa-3776 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
Affected:
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android
|
Date Public
2017-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95792",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95792"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201701-66",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-66"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/668665"
},
{
"name": "RHSA-2017:0206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "1037718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
],
"datePublic": "2017-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insufficient policy enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "95792",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95792"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201701-66",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-66"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/668665"
},
{
"name": "RHSA-2017:0206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "1037718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95792"
},
{
"name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201701-66",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-66"
},
{
"name": "https://crbug.com/668665",
"refsource": "CONFIRM",
"url": "https://crbug.com/668665"
},
{
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5018",
"datePublished": "2017-02-17T07:45:00.000Z",
"dateReserved": "2017-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:44.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-5018",
"date": "2026-05-31",
"epss": "0.00443",
"percentile": "0.63592"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"55.0.2883.87\", \"matchCriteriaId\": \"20E75B30-0D25-4AC2-8506-1D29C8B87E77\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.\"}, {\"lang\": \"es\", \"value\": \"Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android ten\\u00eda una pol\\u00edtica de seguridad del contenido insuficientemente estricta en la p\\u00e1gina de lanzamiento de aplicaciones de Chrome, lo que permit\\u00eda a un atacante remoto inyectar secuencias de comandos o HTML en una p\\u00e1gina privilegiada a trav\\u00e9s de una p\\u00e1gina HTML manipulada.\"}]",
"id": "CVE-2017-5018",
"lastModified": "2024-11-21T03:26:52.477",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-02-17T07:59:00.590",
"references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0206.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.debian.org/security/2017/dsa-3776\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/95792\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securitytracker.com/id/1037718\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/668665\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-66\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0206.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2017/dsa-3776\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/95792\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037718\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/668665\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-66\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-5018\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2017-02-17T07:59:00.590\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android ten\u00eda una pol\u00edtica de seguridad del contenido insuficientemente estricta en la p\u00e1gina de lanzamiento de aplicaciones de Chrome, lo que permit\u00eda a un atacante remoto inyectar secuencias de comandos o HTML en una p\u00e1gina privilegiada a trav\u00e9s de una p\u00e1gina HTML manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"55.0.2883.87\",\"matchCriteriaId\":\"20E75B30-0D25-4AC2-8506-1D29C8B87E77\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0206.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3776\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/95792\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id/1037718\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/668665\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201701-66\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0206.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3776\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/95792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/668665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201701-66\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2017_0206
Vulnerability from csaf_redhat - Published: 2017-01-26 22:02 - Updated: 2024-11-14 22:37Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Important
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 56.0.2924.76.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
6.5 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
4.3 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
4.3 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.
4.3 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
4.3 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
4.3 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.
4.3 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
110 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 56.0.2924.76.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:0206",
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"category": "external",
"summary": "1416657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416657"
},
{
"category": "external",
"summary": "1416658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416658"
},
{
"category": "external",
"summary": "1416659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416659"
},
{
"category": "external",
"summary": "1416660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416660"
},
{
"category": "external",
"summary": "1416661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416661"
},
{
"category": "external",
"summary": "1416662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416662"
},
{
"category": "external",
"summary": "1416663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416663"
},
{
"category": "external",
"summary": "1416664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416664"
},
{
"category": "external",
"summary": "1416665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416665"
},
{
"category": "external",
"summary": "1416666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416666"
},
{
"category": "external",
"summary": "1416667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416667"
},
{
"category": "external",
"summary": "1416668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416668"
},
{
"category": "external",
"summary": "1416669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416669"
},
{
"category": "external",
"summary": "1416670",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416670"
},
{
"category": "external",
"summary": "1416671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416671"
},
{
"category": "external",
"summary": "1416672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416672"
},
{
"category": "external",
"summary": "1416673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416673"
},
{
"category": "external",
"summary": "1416674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416674"
},
{
"category": "external",
"summary": "1416675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416675"
},
{
"category": "external",
"summary": "1416676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416676"
},
{
"category": "external",
"summary": "1416677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416677"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0206.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T22:37:51+00:00",
"generator": {
"date": "2024-11-14T22:37:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2017:0206",
"initial_release_date": "2017-01-26T22:02:24+00:00",
"revision_history": [
{
"date": "2017-01-26T22:02:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-01-26T22:02:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T22:37:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"product": {
"name": "chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"product_id": "chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@56.0.2924.76-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@56.0.2924.76-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:56.0.2924.76-1.el6.i686",
"product": {
"name": "chromium-browser-0:56.0.2924.76-1.el6.i686",
"product_id": "chromium-browser-0:56.0.2924.76-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@56.0.2924.76-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"product_id": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@56.0.2924.76-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:56.0.2924.76-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686"
},
"product_reference": "chromium-browser-0:56.0.2924.76-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:56.0.2924.76-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:56.0.2924.76-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686"
},
"product_reference": "chromium-browser-0:56.0.2924.76-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:56.0.2924.76-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:56.0.2924.76-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686"
},
"product_reference": "chromium-browser-0:56.0.2924.76-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:56.0.2924.76-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64"
},
"product_reference": "chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5006",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416658"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5006"
},
{
"category": "external",
"summary": "RHBZ#1416658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5006",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5006"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5006",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5006"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2017-5007",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416657"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5007"
},
{
"category": "external",
"summary": "RHBZ#1416657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416657"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5007",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5007"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2017-5008",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416659"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5008"
},
{
"category": "external",
"summary": "RHBZ#1416659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416659"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5008"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5008",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5008"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2017-5009",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416662"
}
],
"notes": [
{
"category": "description",
"text": "WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: out of bounds memory access in webrtc",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5009"
},
{
"category": "external",
"summary": "RHBZ#1416662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5009",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5009"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: out of bounds memory access in webrtc"
},
{
"cve": "CVE-2017-5010",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416660"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5010"
},
{
"category": "external",
"summary": "RHBZ#1416660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5010"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2017-5011",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416661"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: unauthorised file access in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5011"
},
{
"category": "external",
"summary": "RHBZ#1416661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5011",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5011"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5011"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: unauthorised file access in devtools"
},
{
"cve": "CVE-2017-5012",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416663"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in v8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5012"
},
{
"category": "external",
"summary": "RHBZ#1416663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416663"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5012"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in v8"
},
{
"cve": "CVE-2017-5013",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416664"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address spoofing in omnibox",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5013"
},
{
"category": "external",
"summary": "RHBZ#1416664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5013"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5013"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: address spoofing in omnibox"
},
{
"cve": "CVE-2017-5014",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416665"
}
],
"notes": [
{
"category": "description",
"text": "Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5014"
},
{
"category": "external",
"summary": "RHBZ#1416665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416665"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5014",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5014"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5014",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5014"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: heap overflow in skia"
},
{
"cve": "CVE-2017-5015",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416666"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address spoofing in omnibox",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5015"
},
{
"category": "external",
"summary": "RHBZ#1416666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416666"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5015",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5015"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5015",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5015"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: address spoofing in omnibox"
},
{
"cve": "CVE-2017-5016",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416668"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don\u0027t control via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: ui spoofing in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5016"
},
{
"category": "external",
"summary": "RHBZ#1416668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5016",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5016"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5016",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5016"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: ui spoofing in blink"
},
{
"cve": "CVE-2017-5017",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416669"
}
],
"notes": [
{
"category": "description",
"text": "Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: uninitialised memory access in webm video",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5017"
},
{
"category": "external",
"summary": "RHBZ#1416669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5017",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5017"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5017"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: uninitialised memory access in webm video"
},
{
"cve": "CVE-2017-5018",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416670"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in chrome://apps",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5018"
},
{
"category": "external",
"summary": "RHBZ#1416670",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416670"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5018"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: universal xss in chrome://apps"
},
{
"cve": "CVE-2017-5019",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416667"
}
],
"notes": [
{
"category": "description",
"text": "A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in renderer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5019"
},
{
"category": "external",
"summary": "RHBZ#1416667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416667"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5019",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5019"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5019",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5019"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: use after free in renderer"
},
{
"cve": "CVE-2017-5020",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416671"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in chrome://downloads",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5020"
},
{
"category": "external",
"summary": "RHBZ#1416671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416671"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5020",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5020"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: universal xss in chrome://downloads"
},
{
"cve": "CVE-2017-5021",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416672"
}
],
"notes": [
{
"category": "description",
"text": "A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5021"
},
{
"category": "external",
"summary": "RHBZ#1416672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5021",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5021"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: use after free in extensions"
},
{
"cve": "CVE-2017-5022",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416673"
}
],
"notes": [
{
"category": "description",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: bypass of content security policy in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5022"
},
{
"category": "external",
"summary": "RHBZ#1416673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416673"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5022",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5022"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: bypass of content security policy in blink"
},
{
"cve": "CVE-2017-5023",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416674"
}
],
"notes": [
{
"category": "description",
"text": "Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: type confusion in metrics",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5023"
},
{
"category": "external",
"summary": "RHBZ#1416674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416674"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5023",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5023"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: type confusion in metrics"
},
{
"cve": "CVE-2017-5024",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416675"
}
],
"notes": [
{
"category": "description",
"text": "FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in ffmpeg",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5024"
},
{
"category": "external",
"summary": "RHBZ#1416675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416675"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5024",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5024"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5024",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5024"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: heap overflow in ffmpeg"
},
{
"cve": "CVE-2017-5025",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416676"
}
],
"notes": [
{
"category": "description",
"text": "FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in ffmpeg",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5025"
},
{
"category": "external",
"summary": "RHBZ#1416676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416676"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5025"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: heap overflow in ffmpeg"
},
{
"cve": "CVE-2017-5026",
"discovery_date": "2017-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1416677"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don\u0027t control via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: ui spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5026"
},
{
"category": "external",
"summary": "RHBZ#1416677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5026",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5026"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5026",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5026"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
}
],
"release_date": "2017-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-01-26T22:02:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:56.0.2924.76-1.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:56.0.2924.76-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: ui spoofing"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…