Action not permitted
Modal body text goes here.
CVE-2019-13746
Vulnerability from cvelistv5
Published
2019-12-10 21:01
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:43.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/999932" }, { "name": "RHSA-2019:4238", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "79.0.3945.79", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." } ], "problemTypes": [ { "descriptions": [ { "description": "Insufficient policy enforcement", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-13T04:06:34", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/999932" }, { "name": "RHSA-2019:4238", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-08" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2019-13746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "79.0.3945.79" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficient policy enforcement" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/999932", "refsource": "MISC", "url": "https://crbug.com/999932" }, { "name": "RHSA-2019:4238", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-08" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2019-13746", "datePublished": "2019-12-10T21:01:50", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-13746\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-12-10T22:15:14.417\",\"lastModified\":\"2023-11-07T03:04:22.220\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Una aplicaci\u00f3n de pol\u00edtica insuficiente en Omnibox en Google Chrome versiones anteriores a la versi\u00f3n 79.0.3945.79, permiti\u00f3 a un atacante remoto falsificar el contenido del Omnibox (barra URL) por medio de una p\u00e1gina HTML especialmente dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"79.0.3945.79\",\"matchCriteriaId\":\"D3900404-81EC-4968-BD74-1630F385643D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"EB779E2B-B0A9-41F4-9000-4BAB848E7677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"142A2E7B-9B0D-4335-8C92-FC9A6381DC8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"6194D474-EEEA-41FD-8FE8-090A9C10BDBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"1C493BF1-8890-4A3A-A207-FA5273259F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"F4C70C61-4DE2-49BE-81EA-9BCAC6F31C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"61F3999C-19F8-4723-8AC9-687FEFF27BD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5F492BA1-72AD-4302-985E-EB2E465FC22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"BD58D619-D524-4690-85E4-ECE3B984D4B1\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4238\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/999932\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/27\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-08\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4606\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2019_4238
Vulnerability from csaf_redhat
Published
2019-12-16 09:09
Modified
2024-11-15 04:13
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 79.0.3945.79.
Security Fix(es):
* chromium-browser: Use after free in Bluetooth (CVE-2019-13725)
* chromium-browser: Heap buffer overflow in password manager (CVE-2019-13726)
* chromium-browser: Insufficient policy enforcement in WebSockets (CVE-2019-13727)
* chromium-browser: Out of bounds write in V8 (CVE-2019-13728)
* chromium-browser: Use after free in WebSockets (CVE-2019-13729)
* chromium-browser: Type Confusion in V8 (CVE-2019-13730)
* chromium-browser: Use after free in WebAudio (CVE-2019-13732)
* chromium-browser: Out of bounds write in SQLite (CVE-2019-13734)
* chromium-browser: Out of bounds write in V8 (CVE-2019-13735)
* chromium-browser: Type Confusion in V8 (CVE-2019-13764)
* chromium-browser: Integer overflow in PDFium (CVE-2019-13736)
* chromium-browser: Insufficient policy enforcement in autocomplete (CVE-2019-13737)
* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13738)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13739)
* chromium-browser: Incorrect security UI in sharing (CVE-2019-13740)
* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2019-13741)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13742)
* chromium-browser: Incorrect security UI in external protocol handling (CVE-2019-13743)
* chromium-browser: Insufficient policy enforcement in cookies (CVE-2019-13744)
* chromium-browser: Insufficient policy enforcement in audio (CVE-2019-13745)
* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-13746)
* chromium-browser: Uninitialized Use in rendering (CVE-2019-13747)
* chromium-browser: Insufficient policy enforcement in developer tools (CVE-2019-13748)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13749)
* chromium-browser: Insufficient data validation in SQLite (CVE-2019-13750)
* chromium-browser: Uninitialized Use in SQLite (CVE-2019-13751)
* chromium-browser: Out of bounds read in SQLite (CVE-2019-13752)
* chromium-browser: Out of bounds read in SQLite (CVE-2019-13753)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13754)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13755)
* chromium-browser: Incorrect security UI in printing (CVE-2019-13756)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13757)
* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13758)
* chromium-browser: Incorrect security UI in interstitials (CVE-2019-13759)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13761)
* chromium-browser: Insufficient policy enforcement in downloads (CVE-2019-13762)
* chromium-browser: Insufficient policy enforcement in payments (CVE-2019-13763)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 79.0.3945.79.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in Bluetooth (CVE-2019-13725)\n\n* chromium-browser: Heap buffer overflow in password manager (CVE-2019-13726)\n\n* chromium-browser: Insufficient policy enforcement in WebSockets (CVE-2019-13727)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13728)\n\n* chromium-browser: Use after free in WebSockets (CVE-2019-13729)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13730)\n\n* chromium-browser: Use after free in WebAudio (CVE-2019-13732)\n\n* chromium-browser: Out of bounds write in SQLite (CVE-2019-13734)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13735)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13764)\n\n* chromium-browser: Integer overflow in PDFium (CVE-2019-13736)\n\n* chromium-browser: Insufficient policy enforcement in autocomplete (CVE-2019-13737)\n\n* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13738)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13739)\n\n* chromium-browser: Incorrect security UI in sharing (CVE-2019-13740)\n\n* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2019-13741)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13742)\n\n* chromium-browser: Incorrect security UI in external protocol handling (CVE-2019-13743)\n\n* chromium-browser: Insufficient policy enforcement in cookies (CVE-2019-13744)\n\n* chromium-browser: Insufficient policy enforcement in audio (CVE-2019-13745)\n\n* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-13746)\n\n* chromium-browser: Uninitialized Use in rendering (CVE-2019-13747)\n\n* chromium-browser: Insufficient policy enforcement in developer tools (CVE-2019-13748)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13749)\n\n* chromium-browser: Insufficient data validation in SQLite (CVE-2019-13750)\n\n* chromium-browser: Uninitialized Use in SQLite (CVE-2019-13751)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13752)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13753)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13754)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13755)\n\n* chromium-browser: Incorrect security UI in printing (CVE-2019-13756)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13757)\n\n* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13758)\n\n* chromium-browser: Incorrect security UI in interstitials (CVE-2019-13759)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13761)\n\n* chromium-browser: Insufficient policy enforcement in downloads (CVE-2019-13762)\n\n* chromium-browser: Insufficient policy enforcement in payments (CVE-2019-13763)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:4238", "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "1781973", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781973" }, { "category": "external", "summary": "1781974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781974" }, { "category": "external", "summary": "1781975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781975" }, { "category": "external", "summary": "1781976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781976" }, { "category": "external", "summary": "1781977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781977" }, { "category": "external", "summary": "1781978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781978" }, { "category": "external", "summary": "1781979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781979" }, { "category": "external", "summary": "1781980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781980" }, { "category": "external", "summary": "1781981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781981" }, { "category": "external", "summary": "1781982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781982" }, { "category": "external", "summary": "1781983", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781983" }, { "category": "external", "summary": "1781984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781984" }, { "category": "external", "summary": "1781985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781985" }, { "category": "external", "summary": "1781986", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781986" }, { "category": "external", "summary": "1781987", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781987" }, { "category": "external", "summary": "1781988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781988" }, { "category": "external", "summary": "1781989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781989" }, { "category": "external", "summary": "1781990", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781990" }, { "category": "external", "summary": "1781991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781991" }, { "category": "external", "summary": "1781992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781992" }, { "category": "external", "summary": "1781993", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781993" }, { "category": "external", "summary": "1781994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781994" }, { "category": "external", "summary": "1781995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781995" }, { "category": "external", "summary": "1781997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781997" }, { "category": "external", "summary": "1781998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781998" }, { "category": "external", "summary": "1781999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781999" }, { "category": "external", "summary": "1782000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782000" }, { "category": "external", "summary": "1782001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782001" }, { "category": "external", "summary": "1782002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782002" }, { "category": "external", "summary": "1782003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782003" }, { "category": "external", "summary": "1782004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782004" }, { "category": "external", "summary": "1782005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782005" }, { "category": "external", "summary": "1782006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782006" }, { "category": "external", "summary": "1782007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782007" }, { "category": "external", "summary": "1782008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782008" }, { "category": "external", "summary": "1782017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782017" }, { "category": "external", "summary": "1782021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782021" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4238.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-15T04:13:35+00:00", "generator": { "date": "2024-11-15T04:13:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:4238", "initial_release_date": "2019-12-16T09:09:31+00:00", "revision_history": [ { "date": "2019-12-16T09:09:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-12-16T09:09:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T04:13:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "product": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "product_id": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@79.0.3945.79-1.el6_10?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "product": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "product_id": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@79.0.3945.79-1.el6_10?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "product": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "product_id": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@79.0.3945.79-1.el6_10?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "product": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "product_id": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@79.0.3945.79-1.el6_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-13725", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781973" } ], "notes": [ { "category": "description", "text": "Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in Bluetooth", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13725" }, { "category": "external", "summary": "RHBZ#1781973", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781973" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13725", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13725" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "chromium-browser: Use after free in Bluetooth" }, { "cve": "CVE-2019-13726", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781974" } ], "notes": [ { "category": "description", "text": "Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Heap buffer overflow in password manager", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13726" }, { "category": "external", "summary": "RHBZ#1781974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781974" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13726", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13726" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "chromium-browser: Heap buffer overflow in password manager" }, { "cve": "CVE-2019-13727", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781975" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in WebSockets", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13727" }, { "category": "external", "summary": "RHBZ#1781975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781975" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13727", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13727" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13727", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13727" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Insufficient policy enforcement in WebSockets" }, { "cve": "CVE-2019-13728", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781976" } ], "notes": [ { "category": "description", "text": "Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds write in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13728" }, { "category": "external", "summary": "RHBZ#1781976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13728", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13728" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds write in V8" }, { "cve": "CVE-2019-13729", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781977" } ], "notes": [ { "category": "description", "text": "Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in WebSockets", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13729" }, { "category": "external", "summary": "RHBZ#1781977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781977" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13729", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13729" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13729", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13729" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in WebSockets" }, { "cve": "CVE-2019-13730", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781978" } ], "notes": [ { "category": "description", "text": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type Confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13730" }, { "category": "external", "summary": "RHBZ#1781978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13730", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13730" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13730", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13730" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type Confusion in V8" }, { "cve": "CVE-2019-13732", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781979" } ], "notes": [ { "category": "description", "text": "Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in WebAudio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13732" }, { "category": "external", "summary": "RHBZ#1781979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781979" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13732", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13732" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use after free in WebAudio" }, { "cve": "CVE-2019-13734", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781980" } ], "notes": [ { "category": "description", "text": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: improve shadow table corruption detection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13734" }, { "category": "external", "summary": "RHBZ#1781980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781980" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13734", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13734", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13734" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "sqlite: fts3: improve shadow table corruption detection" }, { "cve": "CVE-2019-13735", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781981" } ], "notes": [ { "category": "description", "text": "Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds write in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13735" }, { "category": "external", "summary": "RHBZ#1781981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781981" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13735", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13735" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13735", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13735" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds write in V8" }, { "cve": "CVE-2019-13736", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781983" } ], "notes": [ { "category": "description", "text": "Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Integer overflow in PDFium", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13736" }, { "category": "external", "summary": "RHBZ#1781983", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781983" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13736", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13736" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13736", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13736" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Integer overflow in PDFium" }, { "cve": "CVE-2019-13737", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781984" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in autocomplete", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13737" }, { "category": "external", "summary": "RHBZ#1781984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781984" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13737", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13737" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in autocomplete" }, { "cve": "CVE-2019-13738", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781985" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in navigation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13738" }, { "category": "external", "summary": "RHBZ#1781985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781985" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13738", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13738" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13738", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13738" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in navigation" }, { "cve": "CVE-2019-13739", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781986" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13739" }, { "category": "external", "summary": "RHBZ#1781986", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781986" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13739", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13739" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13739", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13739" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13740", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781987" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in sharing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13740" }, { "category": "external", "summary": "RHBZ#1781987", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781987" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13740", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13740" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13740", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13740" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in sharing" }, { "cve": "CVE-2019-13741", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781988" } ], "notes": [ { "category": "description", "text": "Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient validation of untrusted input in Blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13741" }, { "category": "external", "summary": "RHBZ#1781988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781988" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13741", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13741" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13741", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13741" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient validation of untrusted input in Blink" }, { "cve": "CVE-2019-13742", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781989" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13742" }, { "category": "external", "summary": "RHBZ#1781989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781989" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13742", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13742" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13742", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13742" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13743", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781990" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in external protocol handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13743" }, { "category": "external", "summary": "RHBZ#1781990", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781990" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13743", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13743" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13743", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13743" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in external protocol handling" }, { "cve": "CVE-2019-13744", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782021" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13744" }, { "category": "external", "summary": "RHBZ#1782021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782021" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13744", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13744" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13744", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13744" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in cookies" }, { "cve": "CVE-2019-13745", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781991" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in audio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13745" }, { "category": "external", "summary": "RHBZ#1781991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781991" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13745", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13745" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in audio" }, { "cve": "CVE-2019-13746", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781992" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13746" }, { "category": "external", "summary": "RHBZ#1781992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781992" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13746", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13746" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13746", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13746" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in Omnibox" }, { "cve": "CVE-2019-13747", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781993" } ], "notes": [ { "category": "description", "text": "Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Uninitialized Use in rendering", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13747" }, { "category": "external", "summary": "RHBZ#1781993", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781993" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13747", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13747" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13747", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13747" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Uninitialized Use in rendering" }, { "cve": "CVE-2019-13748", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781994" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in developer tools", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13748" }, { "category": "external", "summary": "RHBZ#1781994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781994" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13748", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13748" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in developer tools" }, { "cve": "CVE-2019-13749", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781995" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13749" }, { "category": "external", "summary": "RHBZ#1781995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781995" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13749", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13749" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13750", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781997" } ], "notes": [ { "category": "description", "text": "Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: dropping of shadow tables not restricted in defensive mode", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13750" }, { "category": "external", "summary": "RHBZ#1781997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781997" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13750", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13750" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: dropping of shadow tables not restricted in defensive mode" }, { "cve": "CVE-2019-13751", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781998" } ], "notes": [ { "category": "description", "text": "Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: improve detection of corrupted records", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13751" }, { "category": "external", "summary": "RHBZ#1781998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781998" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13751", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13751" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: fts3: improve detection of corrupted records" }, { "cve": "CVE-2019-13752", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781999" } ], "notes": [ { "category": "description", "text": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: improve shadow table corruption detection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13752" }, { "category": "external", "summary": "RHBZ#1781999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781999" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13752", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13752" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: fts3: improve shadow table corruption detection" }, { "cve": "CVE-2019-13753", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782000" } ], "notes": [ { "category": "description", "text": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: fts3: incorrectly removed corruption check", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13753" }, { "category": "external", "summary": "RHBZ#1782000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13753", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13753" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13753", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13753" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: fts3: incorrectly removed corruption check" }, { "cve": "CVE-2019-13754", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782001" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13754" }, { "category": "external", "summary": "RHBZ#1782001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13754", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13754" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13754", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13754" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in extensions" }, { "cve": "CVE-2019-13755", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782002" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13755" }, { "category": "external", "summary": "RHBZ#1782002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782002" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13755", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13755" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13755", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13755" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in extensions" }, { "cve": "CVE-2019-13756", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782003" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in printing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13756" }, { "category": "external", "summary": "RHBZ#1782003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13756", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13756" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13756", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13756" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in printing" }, { "cve": "CVE-2019-13757", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782004" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13757" }, { "category": "external", "summary": "RHBZ#1782004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13757", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13757" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13758", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782017" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in navigation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13758" }, { "category": "external", "summary": "RHBZ#1782017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13758", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13758" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in navigation" }, { "cve": "CVE-2019-13759", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782005" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in interstitials", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13759" }, { "category": "external", "summary": "RHBZ#1782005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782005" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13759", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13759" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13759", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13759" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in interstitials" }, { "cve": "CVE-2019-13761", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782006" } ], "notes": [ { "category": "description", "text": "Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13761" }, { "category": "external", "summary": "RHBZ#1782006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13761", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13761" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2019-13762", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782007" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in downloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13762" }, { "category": "external", "summary": "RHBZ#1782007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782007" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13762", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13762" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in downloads" }, { "cve": "CVE-2019-13763", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1782008" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in payments", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13763" }, { "category": "external", "summary": "RHBZ#1782008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13763", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13763" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13763", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13763" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in payments" }, { "cve": "CVE-2019-13764", "discovery_date": "2019-12-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1781982" } ], "notes": [ { "category": "description", "text": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type Confusion in V8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-13764" }, { "category": "external", "summary": "RHBZ#1781982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781982" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-13764", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13764" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" } ], "release_date": "2019-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-12-16T09:09:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:4238" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:79.0.3945.79-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:79.0.3945.79-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type Confusion in V8" } ] }
ghsa-7vm7-9gxr-vcrx
Vulnerability from github
Published
2022-05-24 17:03
Modified
2023-02-03 21:30
Severity ?
Details
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
{ "affected": [], "aliases": [ "CVE-2019-13746" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-12-10T22:15:00Z", "severity": "MODERATE" }, "details": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "id": "GHSA-7vm7-9gxr-vcrx", "modified": "2023-02-03T21:30:25Z", "published": "2022-05-24T17:03:00Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13746" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "type": "WEB", "url": "https://crbug.com/999932" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202003-08" }, { "type": "WEB", "url": "https://www.debian.org/security/2020/dsa-4606" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }
gsd-2019-13746
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-13746", "description": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "id": "GSD-2019-13746", "references": [ "https://www.suse.com/security/cve/CVE-2019-13746.html", "https://www.debian.org/security/2020/dsa-4606", "https://access.redhat.com/errata/RHSA-2019:4238", "https://advisories.mageia.org/CVE-2019-13746.html", "https://security.archlinux.org/CVE-2019-13746" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-13746" ], "details": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "id": "GSD-2019-13746", "modified": "2023-12-13T01:23:41.301053Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2019-13746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "79.0.3945.79" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficient policy enforcement" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/999932", "refsource": "MISC", "url": "https://crbug.com/999932" }, { "name": "RHSA-2019:4238", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-08" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "79.0.3945.79", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2019-13746" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/999932", "refsource": "MISC", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://crbug.com/999932" }, { "name": "RHSA-2019:4238", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:4238" }, { "name": "openSUSE-SU-2019:2692", "refsource": "SUSE", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html" }, { "name": "FEDORA-2019-1a10c04281", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" }, { "name": "openSUSE-SU-2019:2694", "refsource": "SUSE", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" }, { "name": "FEDORA-2020-4355ea258e", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" }, { "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", "refsource": "BUGTRAQ", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2020/Jan/27" }, { "name": "DSA-4606", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4606" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202003-08" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2023-02-03T20:49Z", "publishedDate": "2019-12-10T22:15Z" } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.