CVE-2018-6064
Vulnerability from cvelistv5
Published
2018-11-14 15:00
Modified
2024-08-05 05:54
Severity ?
EPSS score ?
Summary
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:54:52.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" }, { "name": "44394", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44394/" }, { "name": "103297", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103297" }, { "name": "RHSA-2018:0484", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0484" }, { "name": "DSA-4182", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4182" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/798644" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "65.0.3325.146", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2018-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Type Confusion", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-30T21:06:04", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" }, { "name": "44394", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44394/" }, { "name": "103297", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103297" }, { "name": "RHSA-2018:0484", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0484" }, { "name": "DSA-4182", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4182" }, { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/798644" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2018-6064", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "65.0.3325.146" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Type Confusion" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" }, { "name": "44394", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44394/" }, { "name": "103297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103297" }, { "name": "RHSA-2018:0484", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0484" }, { "name": "DSA-4182", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4182" }, { "name": "https://crbug.com/798644", "refsource": "MISC", "url": "https://crbug.com/798644" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2018-6064", "datePublished": "2018-11-14T15:00:00", "dateReserved": "2018-01-23T00:00:00", "dateUpdated": "2024-08-05T05:54:52.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-6064\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2018-11-14T15:29:01.203\",\"lastModified\":\"2024-11-21T04:09:59.297\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Confusi\u00f3n de tipos en la implementaci\u00f3n de __defineGetter__ en V8 en Google Chrome en 
versiones anteriores a la 65.0.3325.146 permit\u00eda que un atacante remoto pudiese explotar una corrupci\u00f3n de memoria din\u00e1mica (heap) mediante una p\u00e1gina HTML manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-704\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"65.0.3325.146\",\"matchCriteriaId\":\"BB15D41B-C564-466D-B7AC-C2BB9EBD0D28\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:
*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103297\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0484\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/798644\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4182\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.exploit-db.com/exploits/44394/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-368/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/103297\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0484\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/798644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4182\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/44394/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-19-368/\",\"source\":\"af854a3a-212
7-422b-91ae-364da2661108\"}]}}" } }
gsd-2018-6064
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2018-6064", "description": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GSD-2018-6064", "references": [ "https://www.suse.com/security/cve/CVE-2018-6064.html", "https://www.debian.org/security/2018/dsa-4182", "https://access.redhat.com/errata/RHSA-2018:0484", "https://advisories.mageia.org/CVE-2018-6064.html", "https://packetstormsecurity.com/files/cve/CVE-2018-6064" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-6064" ], "details": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GSD-2018-6064", "modified": "2023-12-13T01:22:35.481472Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2018-6064", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "65.0.3325.146" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Type Confusion" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" }, { "name": "44394", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44394/" }, { "name": "103297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103297" }, { "name": "RHSA-2018:0484", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0484" }, { "name": "DSA-4182", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4182" }, { "name": "https://crbug.com/798644", "refsource": "MISC", "url": "https://crbug.com/798644" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "65.0.3325.146", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2018-6064" }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-704" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/798644", "refsource": "MISC", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://crbug.com/798644" }, { "name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "refsource": "CONFIRM", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" }, { "name": "44394", "refsource": "EXPLOIT-DB", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44394/" }, { "name": "DSA-4182", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4182" }, { "name": "RHSA-2018:0484", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0484" }, { "name": "103297", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103297" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-368/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, 
"obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2019-05-02T15:50Z", "publishedDate": "2018-11-14T15:29Z" } } }
ghsa-694g-qcvr-75cx
Vulnerability from github
Published
2022-05-14 01:05
Modified
2022-05-14 01:05
Severity ?
Details
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{ "affected": [], "aliases": [ "CVE-2018-6064" ], "database_specific": { "cwe_ids": [ "CWE-704" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-11-14T15:29:00Z", "severity": "HIGH" }, "details": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "id": "GHSA-694g-qcvr-75cx", "modified": "2022-05-14T01:05:54Z", "published": "2022-05-14T01:05:54Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6064" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:0484" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" }, { "type": "WEB", "url": "https://crbug.com/798644" }, { "type": "WEB", "url": "https://www.debian.org/security/2018/dsa-4182" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/44394" }, { "type": "WEB", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-368" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/103297" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
rhsa-2018_0484
Vulnerability from csaf_redhat
Published
2018-03-12 18:21
Modified
2024-11-15 02:07
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 65.0.3325.146.
Security Fix(es):
* chromium-browser: incorrect permissions on shared memory (CVE-2018-6057)
* chromium-browser: use-after-free in blink (CVE-2018-6060)
* chromium-browser: race condition in v8 (CVE-2018-6061)
* chromium-browser: heap buffer overflow in skia (CVE-2018-6062)
* chromium-browser: incorrect permissions on shared memory (CVE-2018-6063)
* chromium-browser: type confusion in v8 (CVE-2018-6064)
* chromium-browser: integer overflow in v8 (CVE-2018-6065)
* chromium-browser: same origin bypass via canvas (CVE-2018-6066)
* chromium-browser: buffer overflow in skia (CVE-2018-6067)
* chromium-browser: stack buffer overflow in skia (CVE-2018-6069)
* chromium-browser: csp bypass through extensions (CVE-2018-6070)
* chromium-browser: heap buffer overflow in skia (CVE-2018-6071)
* chromium-browser: integer overflow in pdfium (CVE-2018-6072)
* chromium-browser: heap buffer overflow in webgl (CVE-2018-6073)
* chromium-browser: mark-of-the-web bypass (CVE-2018-6074)
* chromium-browser: overly permissive cross origin downloads (CVE-2018-6075)
* chromium-browser: incorrect handling of url fragment identifiers in blink (CVE-2018-6076)
* chromium-browser: timing attack using svg filters (CVE-2018-6077)
* chromium-browser: url spoof in omnibox (CVE-2018-6078)
* chromium-browser: information disclosure via texture data in webgl (CVE-2018-6079)
* chromium-browser: information disclosure in ipc call (CVE-2018-6080)
* chromium-browser: xss in interstitials (CVE-2018-6081)
* chromium-browser: circumvention of port blocking (CVE-2018-6082)
* chromium-browser: incorrect processing of appmanifests (CVE-2018-6083)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 65.0.3325.146.\n\nSecurity Fix(es):\n\n* chromium-browser: incorrect permissions on shared memory (CVE-2018-6057)\n\n* chromium-browser: use-after-free in blink (CVE-2018-6060)\n\n* chromium-browser: race condition in v8 (CVE-2018-6061)\n\n* chromium-browser: heap buffer overflow in skia (CVE-2018-6062)\n\n* chromium-browser: incorrect permissions on shared memory (CVE-2018-6063)\n\n* chromium-browser: type confusion in v8 (CVE-2018-6064)\n\n* chromium-browser: integer overflow in v8 (CVE-2018-6065)\n\n* chromium-browser: same origin bypass via canvas (CVE-2018-6066)\n\n* chromium-browser: buffer overflow in skia (CVE-2018-6067)\n\n* chromium-browser: stack buffer overflow in skia (CVE-2018-6069)\n\n* chromium-browser: csp bypass through extensions (CVE-2018-6070)\n\n* chromium-browser: heap bufffer overflow in skia (CVE-2018-6071)\n\n* chromium-browser: integer overflow in pdfium (CVE-2018-6072)\n\n* chromium-browser: heap bufffer overflow in webgl (CVE-2018-6073)\n\n* chromium-browser: mark-of-the-web bypass (CVE-2018-6074)\n\n* 
chromium-browser: overly permissive cross origin downloads (CVE-2018-6075)\n\n* chromium-browser: incorrect handling of url fragment identifiers in blink (CVE-2018-6076)\n\n* chromium-browser: timing attack using svg filters (CVE-2018-6077)\n\n* chromium-browser: url spoof in omnibox (CVE-2018-6078)\n\n* chromium-browser: information disclosure via texture data in webgl (CVE-2018-6079)\n\n* chromium-browser: information disclosure in ipc call (CVE-2018-6080)\n\n* chromium-browser: xss in interstitials (CVE-2018-6081)\n\n* chromium-browser: circumvention of port blocking (CVE-2018-6082)\n\n* chromium-browser: incorrect processing of appmanifests (CVE-2018-6083)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0484", "url": "https://access.redhat.com/errata/RHSA-2018:0484" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1552476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552476" }, { "category": "external", "summary": "1552477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552477" }, { "category": "external", "summary": "1552478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552478" }, { "category": "external", "summary": "1552479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552479" }, { "category": "external", "summary": "1552480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552480" }, { "category": "external", "summary": "1552481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552481" }, { "category": "external", "summary": "1552482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552482" }, { "category": "external", "summary": "1552483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552483" }, { "category": "external", "summary": "1552484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552484" }, { "category": "external", "summary": "1552486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552486" }, { "category": "external", "summary": "1552487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552487" }, { "category": "external", 
"summary": "1552488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552488" }, { "category": "external", "summary": "1552489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552489" }, { "category": "external", "summary": "1552490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552490" }, { "category": "external", "summary": "1552491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552491" }, { "category": "external", "summary": "1552492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552492" }, { "category": "external", "summary": "1552493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552493" }, { "category": "external", "summary": "1552494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552494" }, { "category": "external", "summary": "1552495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552495" }, { "category": "external", "summary": "1552496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552496" }, { "category": "external", "summary": "1552497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552497" }, { "category": "external", "summary": "1552498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552498" }, { "category": "external", "summary": "1552499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552499" }, { "category": "external", "summary": "1552500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552500" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0484.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-15T02:07:08+00:00", "generator": { "date": "2024-11-15T02:07:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:0484", "initial_release_date": "2018-03-12T18:21:28+00:00", "revision_history": [ { "date": "2018-03-12T18:21:28+00:00", "number": "1", "summary": 
"Initial version" }, { "date": "2018-03-12T18:21:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T02:07:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.9.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.9.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.9.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "product": { "name": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "product_id": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@65.0.3325.146-2.el6_9?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "product": { "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "product_id": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@65.0.3325.146-2.el6_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:65.0.3325.146-2.el6_9.i686", "product": { "name": "chromium-browser-0:65.0.3325.146-2.el6_9.i686", "product_id": "chromium-browser-0:65.0.3325.146-2.el6_9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@65.0.3325.146-2.el6_9?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "product": { "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "product_id": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@65.0.3325.146-2.el6_9?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:65.0.3325.146-2.el6_9.i686 as a component of 
Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686" }, "product_reference": "chromium-browser-0:65.0.3325.146-2.el6_9.i686", "relates_to_product_reference": "6Client-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64" }, "product_reference": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686" }, "product_reference": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "relates_to_product_reference": "6Client-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:65.0.3325.146-2.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 
6)", "product_id": "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686" }, "product_reference": "chromium-browser-0:65.0.3325.146-2.el6_9.i686", "relates_to_product_reference": "6Server-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64" }, "product_reference": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686" }, "product_reference": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "relates_to_product_reference": "6Server-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:65.0.3325.146-2.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686" }, "product_reference": "chromium-browser-0:65.0.3325.146-2.el6_9.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64" }, "product_reference": "chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686" }, "product_reference": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.9.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-6057", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552479" } ], "notes": [ { "category": "description", "text": "Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: incorrect permissions on shared memory", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6057" }, { "category": "external", "summary": "RHBZ#1552479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6057", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6057" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6057", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6057" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: incorrect permissions on shared memory" }, { "cve": "CVE-2018-6060", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552476" } ], "notes": [ { "category": "description", "text": "Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use-after-free in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6060" }, { "category": "external", "summary": "RHBZ#1552476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552476" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6060", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6060" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6060", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6060" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use-after-free in blink" }, { 
"cve": "CVE-2018-6061", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552477" } ], "notes": [ { "category": "description", "text": "A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: race condition in v8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6061" }, { 
"category": "external", "summary": "RHBZ#1552477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552477" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6061", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6061" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6061", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6061" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: race condition in v8" }, { "cve": "CVE-2018-6062", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552478" } ], "notes": [ { "category": "description", "text": "Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 
allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: heap buffer overflow in skia", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6062" }, { "category": "external", "summary": "RHBZ#1552478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552478" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6062", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6062" }, { "category": 
"external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6062", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6062" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: heap buffer overflow in skia" }, { "cve": "CVE-2018-6063", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552480" } ], "notes": [ { "category": "description", "text": "Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: incorrect permissions on shared memory", "title": 
"Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6063" }, { "category": "external", "summary": "RHBZ#1552480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552480" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6063", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6063" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6063", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6063" }, { "category": "external", "summary": 
"https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": 
"REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: incorrect permissions on shared memory" }, { "cve": "CVE-2018-6064", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552481" } ], "notes": [ { "category": "description", "text": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: type confusion in v8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better 
understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6064" }, { "category": "external", "summary": "RHBZ#1552481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552481" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6064", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6064" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6064", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6064" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", 
"date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: type confusion in v8" }, { "cve": "CVE-2018-6065", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552482" } ], "notes": [ { "category": "description", "text": "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: integer overflow in v8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6065" }, { "category": "external", "summary": "RHBZ#1552482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552482" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6065", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6065" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": 
"2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-06-08T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "chromium-browser: integer overflow in v8" }, { "cve": "CVE-2018-6066", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552483" } ], "notes": [ { "category": "description", "text": "Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: same origin bypass via canvas", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6066" }, { "category": "external", "summary": "RHBZ#1552483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552483" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6066", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6066" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6066", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6066" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes 
described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: same origin bypass via canvas" }, { "cve": "CVE-2018-6067", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552484" } ], "notes": [ { "category": "description", "text": "Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: buffer overflow in skia", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6067" }, { "category": "external", "summary": "RHBZ#1552484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552484" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6067", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6067" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ 
"6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: buffer overflow in skia" }, { "cve": "CVE-2018-6069", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552486" } ], "notes": [ { "category": "description", "text": "Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: stack buffer overflow in skia", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6069" }, { "category": "external", "summary": "RHBZ#1552486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552486" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6069", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6069" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6069", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6069" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: stack buffer overflow in skia" }, { "cve": "CVE-2018-6070", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552487" } ], "notes": [ { "category": "description", "text": "Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: csp bypass through extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6070" }, { "category": "external", "summary": "RHBZ#1552487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552487" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6070", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6070" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6070", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6070" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: csp bypass through extensions" }, { "cve": "CVE-2018-6071", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552488" } ], "notes": [ { "category": "description", "text": "An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: heap bufffer overflow in skia", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6071" }, { "category": "external", "summary": "RHBZ#1552488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552488" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6071", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6071" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6071", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6071" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: heap bufffer overflow in skia" }, { "cve": "CVE-2018-6072", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552489" } ], "notes": [ { "category": "description", "text": "An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: integer overflow in pdfium", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6072" }, { "category": "external", "summary": "RHBZ#1552489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552489" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6072", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6072" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6072", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6072" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": 
"impact", "details": "Moderate" } ], "title": "chromium-browser: integer overflow in pdfium" }, { "cve": "CVE-2018-6073", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552490" } ], "notes": [ { "category": "description", "text": "A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: heap bufffer overflow in webgl", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6073" }, { "category": "external", "summary": "RHBZ#1552490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552490" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6073", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6073" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6073", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6073" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: heap bufffer overflow in webgl" }, { "cve": "CVE-2018-6074", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552491" } ], "notes": [ { 
"category": "description", "text": "Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: mark-of-the-web bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6074" }, { "category": "external", "summary": "RHBZ#1552491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552491" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2018-6074", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6074" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6074", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6074" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } 
], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: mark-of-the-web bypass" }, { "cve": "CVE-2018-6075", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552492" } ], "notes": [ { "category": "description", "text": "Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.", "title": "Vulnerability description" }, { "category": "summary", 
"text": "chromium-browser: overly permissive cross origin downloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6075" }, { "category": "external", "summary": "RHBZ#1552492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6075", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6075" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6075", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6075" }, { "category": 
"external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": 
"UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: overly permissive cross origin downloads" }, { "cve": "CVE-2018-6076", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552493" } ], "notes": [ { "category": "description", "text": "Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: incorrect handling of url fragment identifiers in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s 
status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6076" }, { "category": "external", "summary": "RHBZ#1552493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552493" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6076", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6076" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6076", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6076" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": 
"2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: incorrect handling of url fragment identifiers in blink" }, { "cve": "CVE-2018-6077", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552494" } ], "notes": [ { "category": "description", "text": "Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: timing attack using svg filters", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6077" }, { "category": "external", "summary": "RHBZ#1552494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552494" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6077", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6077" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6077", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6077" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes 
described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: timing attack using svg filters" }, { "cve": "CVE-2018-6078", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552495" } ], "notes": [ { "category": "description", "text": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: url spoof in omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6078" }, { "category": "external", "summary": "RHBZ#1552495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6078", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6078" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6078", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6078" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to 
take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: url spoof in omnibox" }, { "cve": "CVE-2018-6079", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552496" } ], "notes": [ { "category": "description", "text": "Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: information disclosure via texture data in webgl", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6079" }, { "category": "external", "summary": "RHBZ#1552496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6079", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6079" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6079", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6079" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: information disclosure via texture data in webgl" }, { "cve": "CVE-2018-6080", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552497" } ], "notes": [ { "category": "description", "text": "Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: information disclosure in ipc call", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6080" }, { "category": "external", "summary": "RHBZ#1552497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552497" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6080", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6080" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6080", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6080" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: information disclosure in ipc call" }, { "cve": "CVE-2018-6081", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552498" } ], "notes": [ { "category": "description", "text": "XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: xss in interstitials", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6081" }, { "category": "external", "summary": "RHBZ#1552498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552498" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6081", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6081" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6081", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6081" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: xss in interstitials" }, { "cve": "CVE-2018-6082", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552499" } ], "notes": [ { "category": "description", "text": "Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: circumvention of port blocking", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6082" }, { "category": "external", "summary": "RHBZ#1552499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6082", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6082" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6082" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: circumvention of port blocking" }, { "cve": "CVE-2018-6083", "discovery_date": "2018-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1552500" } ], "notes": [ { "category": "description", "text": "Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: incorrect processing of appmanifests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-6083" }, { "category": "external", "summary": "RHBZ#1552500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552500" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-6083", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6083" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6083", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6083" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "release_date": "2018-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-12T18:21:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:65.0.3325.146-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:65.0.3325.146-2.el6_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: incorrect processing of appmanifests" } ] }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst's perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.