Action not permitted
Modal body text goes here.
CVE-2020-6387
Vulnerability from cvelistv5
Published
2020-02-11 14:42
Modified
2024-08-04 09:02
Severity ?
EPSS score ?
Summary
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:02:39.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://crbug.com/1042535" }, { "name": "openSUSE-SU-2020:0210", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "name": "RHSA-2020:0514", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "name": "openSUSE-SU-2020:0233", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "name": "DSA-4638", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "GLSA-202003-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "FEDORA-2020-f6271d7afa", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "80.0.3987.87", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream." } ], "problemTypes": [ { "descriptions": [ { "description": "Out of bounds write", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-27T12:06:41", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://crbug.com/1042535" }, { "name": "openSUSE-SU-2020:0210", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "name": "RHSA-2020:0514", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "name": "openSUSE-SU-2020:0233", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "name": "DSA-4638", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "GLSA-202003-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "FEDORA-2020-f6271d7afa", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2020-6387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "80.0.3987.87" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out of bounds write" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/1042535", "refsource": "MISC", "url": "https://crbug.com/1042535" }, { "name": "openSUSE-SU-2020:0210", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "name": "RHSA-2020:0514", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "name": "openSUSE-SU-2020:0233", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "name": "DSA-4638", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "FEDORA-2020-f6271d7afa", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2020-6387", "datePublished": "2020-02-11T14:42:11", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T09:02:39.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-6387\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2020-02-11T15:15:12.350\",\"lastModified\":\"2023-11-07T03:24:16.203\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.\"},{\"lang\":\"es\",\"value\":\"Una escritura fuera de l\u00edmites en WebRTC en Google Chrome versiones anteriores a 80.0.3987.87, permiti\u00f3 a un atacante remoto explotar potencialmente una corrupci\u00f3n de la pila por medio de una transmisi\u00f3n de video dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"80.0.3987.87\",\"matchCriteriaId\":\"330F53AF-8692-40A0-B0F5-347B2F7E8A88\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0514\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1042535\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/202003-08\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4638\",\"source\":\"chrome-cve-admin@google.com\"}]}}" } }
rhsa-2020_0514
Vulnerability from csaf_redhat
Published
2020-02-17 09:31
Modified
2024-11-05 21:48
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 80.0.3987.87.
Security Fix(es):
* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)
* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)
* chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385)
* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)
* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)
* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)
* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)
* libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)
* sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880)
* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)
* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)
* sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926)
* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394)
* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)
* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)
* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)
* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)
* chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399)
* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401)
* chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)
* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)
* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)
* chromium-browser: Use after free in audio (CVE-2020-6406)
* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)
* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)
* chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412)
* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)
* chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414)
* chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415)
* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)
* chromium-browser: Inappropriate implementation in installer (CVE-2020-6417)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 80.0.3987.87.\n\nSecurity Fix(es):\n\n* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)\n\n* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)\n\n* chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385)\n\n* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)\n\n* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)\n\n* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)\n\n* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)\n\n* libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)\n\n* sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880)\n\n* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)\n\n* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)\n\n* sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926)\n\n* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392)\n\n* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393)\n\n* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394)\n\n* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)\n\n* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)\n\n* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)\n\n* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)\n\n* chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399)\n\n* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)\n\n* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401)\n\n* chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)\n\n* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)\n\n* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)\n\n* chromium-browser: Use after free in audio (CVE-2020-6406)\n\n* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)\n\n* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)\n\n* chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410)\n\n* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411)\n\n* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412)\n\n* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)\n\n* chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414)\n\n* chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415)\n\n* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)\n\n* chromium-browser: Inappropriate implementation in installer (CVE-2020-6417)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0514", "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1770768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770768" }, { "category": "external", "summary": "1787032", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1787032" }, { "category": "external", "summary": "1788846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788846" }, { "category": "external", "summary": "1788866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788866" }, { "category": "external", "summary": "1789364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789364" }, { "category": "external", "summary": "1801160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801160" }, { "category": "external", "summary": "1801161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801161" }, { "category": "external", "summary": "1801162", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801162" }, { "category": "external", "summary": "1801163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801163" }, { "category": "external", "summary": "1801164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801164" }, { "category": "external", "summary": "1801165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801165" }, { "category": "external", "summary": "1801166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801166" }, { "category": "external", "summary": "1801167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801167" }, { "category": "external", "summary": "1801168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801168" }, { "category": "external", "summary": "1801169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801169" }, { "category": "external", "summary": "1801170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801170" }, { "category": "external", "summary": "1801171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801171" }, { "category": "external", "summary": "1801172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801172" }, { "category": "external", "summary": "1801173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801173" }, { "category": "external", "summary": "1801174", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801174" }, { "category": "external", "summary": "1801175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801175" }, { "category": "external", "summary": "1801176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801176" }, { "category": "external", "summary": "1801177", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801177" }, { "category": "external", "summary": "1801178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801178" }, { "category": "external", "summary": "1801179", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801179" }, { "category": "external", "summary": "1801180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801180" }, { "category": "external", "summary": "1801181", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801181" }, { "category": "external", "summary": "1801182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801182" }, { "category": "external", "summary": "1801184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801184" }, { "category": "external", "summary": "1801185", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801185" }, { "category": "external", "summary": "1801186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801186" }, { "category": "external", "summary": "1801187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801187" }, { "category": "external", "summary": "1801188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801188" }, { "category": "external", "summary": "1801189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801189" }, { "category": "external", "summary": "1801190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801190" }, { "category": "external", "summary": "1801191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801191" }, { "category": "external", "summary": "1801192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801192" }, { "category": "external", "summary": "1801193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801193" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0514.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-05T21:48:04+00:00", "generator": { "date": "2024-11-05T21:48:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:0514", "initial_release_date": "2020-02-17T09:31:11+00:00", "revision_history": [ { "date": "2020-02-17T09:31:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-02-17T09:31:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T21:48:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:80.0.3987.87-1.el6_10.i686", "product": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.i686", "product_id": "chromium-browser-0:80.0.3987.87-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@80.0.3987.87-1.el6_10?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "product": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "product_id": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@80.0.3987.87-1.el6_10?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "product": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "product_id": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@80.0.3987.87-1.el6_10?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "product": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "product_id": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@80.0.3987.87-1.el6_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.87-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.87-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)", "product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.87-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686" }, "product_reference": "chromium-browser-0:80.0.3987.87-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64" }, "product_reference": "chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.10.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-18197", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1770768" } ], "notes": [ { "category": "description", "text": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack consumes fixes from the base Red Hat Enterprise Linux Operating System. Therefore the libxslt package provided by Red Hat OpenStack has been marked as \u0027will not fix\u0027.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-18197" }, { "category": "external", "summary": "RHBZ#1770768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770768" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-18197", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197" } ], "release_date": "2019-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure" }, { "cve": "CVE-2019-19880", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2019-12-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1787032" } ], "notes": [ { "category": "description", "text": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: invalid pointer dereference in exprListAppendList in window.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19880" }, { "category": "external", "summary": "RHBZ#1787032", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1787032" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19880", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19880" } ], "release_date": "2019-12-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: invalid pointer dereference in exprListAppendList in window.c" }, { "cve": "CVE-2019-19923", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2020-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788846" } ], "notes": [ { "category": "description", "text": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19923" }, { "category": "external", "summary": "RHBZ#1788846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19923", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19923" } ], "release_date": "2020-01-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference" }, { "cve": "CVE-2019-19925", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-01-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1788866" } ], "notes": [ { "category": "description", "text": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive", "title": "Vulnerability summary" }, { "category": "other", "text": "The zip extension was introduced in sqlite-3.22.0, therefore previous versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19925" }, { "category": "external", "summary": "RHBZ#1788866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788866" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19925", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19925" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19925", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19925" } ], "release_date": "2020-01-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive" }, { "cve": "CVE-2019-19926", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2019-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789364" } ], "notes": [ { "category": "description", "text": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability exists because of an incomplete fix for CVE-2019-19880. Currently Red Hat Products shipping sqlite have not fixed CVE-2019-19880 and therefore are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19926" }, { "category": "external", "summary": "RHBZ#1789364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19926", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19926" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19926", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19926" } ], "release_date": "2019-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880" }, { "cve": "CVE-2020-6381", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801160" } ], "notes": [ { "category": "description", "text": "Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Integer overflow in JavaScript", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6381" }, { "category": "external", "summary": "RHBZ#1801160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801160" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6381", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6381" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6381", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6381" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Integer overflow in JavaScript" }, { "cve": "CVE-2020-6382", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801161" } ], "notes": [ { "category": "description", "text": "Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Type Confusion in JavaScript", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6382" }, { "category": "external", "summary": "RHBZ#1801161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6382", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6382" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6382", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6382" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Type Confusion in JavaScript" }, { "cve": "CVE-2020-6385", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801162" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in storage", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6385" }, { "category": "external", "summary": "RHBZ#1801162", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801162" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6385", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6385" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6385", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6385" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Insufficient policy enforcement in storage" }, { "cve": "CVE-2020-6387", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801163" } ], "notes": [ { "category": "description", "text": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds write in WebRTC", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6387" }, { "category": "external", "summary": "RHBZ#1801163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801163" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6387", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6387" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6387", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6387" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds write in WebRTC" }, { "cve": "CVE-2020-6388", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801164" } ], "notes": [ { "category": "description", "text": "Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds memory access in WebAudio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6388" }, { "category": "external", "summary": "RHBZ#1801164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801164" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6388" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds memory access in WebAudio" }, { "cve": "CVE-2020-6389", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801165" } ], "notes": [ { "category": "description", "text": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds write in WebRTC", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6389" }, { "category": "external", "summary": "RHBZ#1801165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801165" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6389", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6389" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6389", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6389" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds write in WebRTC" }, { "cve": "CVE-2020-6390", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801166" } ], "notes": [ { "category": "description", "text": "Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds memory access in streams", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6390" }, { "category": "external", "summary": "RHBZ#1801166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801166" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6390", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6390" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6390", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6390" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Out of bounds memory access in streams" }, { "cve": "CVE-2020-6391", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801167" } ], "notes": [ { "category": "description", "text": "Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient validation of untrusted input in Blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6391" }, { "category": "external", "summary": "RHBZ#1801167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6391", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6391" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6391", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6391" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient validation of untrusted input in Blink" }, { "cve": "CVE-2020-6392", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801168" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in extensions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6392" }, { "category": "external", "summary": "RHBZ#1801168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801168" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6392", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6392" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in extensions" }, { "cve": "CVE-2020-6393", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801169" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in Blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6393" }, { "category": "external", "summary": "RHBZ#1801169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801169" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6393", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6393" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6393", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6393" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in Blink" }, { "cve": "CVE-2020-6394", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801170" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in Blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6394" }, { "category": "external", "summary": "RHBZ#1801170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801170" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6394", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6394" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6394", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6394" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in Blink" }, { "cve": "CVE-2020-6395", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801171" } ], "notes": [ { "category": "description", "text": "Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds read in JavaScript", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6395" }, { "category": "external", "summary": "RHBZ#1801171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801171" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6395", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6395" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6395", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6395" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Out of bounds read in JavaScript" }, { "cve": "CVE-2020-6396", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801172" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in Skia", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6396" }, { "category": "external", "summary": "RHBZ#1801172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801172" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6396", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6396" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6396", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6396" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Inappropriate implementation in Skia" }, { "cve": "CVE-2020-6397", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801173" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in sharing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6397" }, { "category": "external", "summary": "RHBZ#1801173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801173" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6397", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6397" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in sharing" }, { "cve": "CVE-2020-6398", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801174" } ], "notes": [ { "category": "description", "text": "Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Uninitialized use in PDFium", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6398" }, { "category": "external", "summary": "RHBZ#1801174", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801174" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6398", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6398" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6398", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6398" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Uninitialized use in PDFium" }, { "cve": "CVE-2020-6399", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801175" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in AppCache", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6399" }, { "category": "external", "summary": "RHBZ#1801175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801175" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6399", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6399" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6399", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6399" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in AppCache" }, { "cve": "CVE-2020-6400", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801176" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in CORS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6400" }, { "category": "external", "summary": "RHBZ#1801176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6400", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6400" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6400", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6400" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Inappropriate implementation in CORS" }, { "cve": "CVE-2020-6401", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801177" } ], "notes": [ { "category": "description", "text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient validation of untrusted input in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6401" }, { "category": "external", "summary": "RHBZ#1801177", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801177" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6401", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6401" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6401", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6401" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient validation of untrusted input in Omnibox" }, { "cve": "CVE-2020-6402", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801178" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in downloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6402" }, { "category": "external", "summary": "RHBZ#1801178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801178" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6402", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6402" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6402", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6402" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in downloads" }, { "cve": "CVE-2020-6403", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801179" } ], "notes": [ { "category": "description", "text": "Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6403" }, { "category": "external", "summary": "RHBZ#1801179", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801179" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6403", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6403" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6403", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6403" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Incorrect security UI in Omnibox" }, { "cve": "CVE-2020-6404", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801180" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in Blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6404" }, { "category": "external", "summary": "RHBZ#1801180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801180" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6404", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6404" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6404", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6404" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Inappropriate implementation in Blink" }, { "cve": "CVE-2020-6405", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801181" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read vulnerability was found in the SQLite component of the Chromium browser. A remote attacker could abuse this flaw to obtain potentially sensitive information from process memory via a crafted HTML page. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "sqlite: Out-of-bounds read in SELECT with ON/USING clause", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw did not affect the versions of SQLite as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the WHERE-clause constant propagation optimization, which was introduced in a later version of the package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6405" }, { "category": "external", "summary": "RHBZ#1801181", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801181" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6405", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6405" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6405", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6405" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-01-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sqlite: Out-of-bounds read in SELECT with ON/USING clause" }, { "cve": "CVE-2020-6406", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801182" } ], "notes": [ { "category": "description", "text": "Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use after free in audio", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6406" }, { "category": "external", "summary": "RHBZ#1801182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801182" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6406", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6406" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6406", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6406" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Use after free in audio" }, { "cve": "CVE-2020-6408", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801184" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in CORS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6408" }, { "category": "external", "summary": "RHBZ#1801184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6408", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6408" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6408", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6408" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in CORS" }, { "cve": "CVE-2020-6409", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801185" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6409" }, { "category": "external", "summary": "RHBZ#1801185", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801185" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6409", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6409" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6409", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6409" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Inappropriate implementation in Omnibox" }, { "cve": "CVE-2020-6410", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801186" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in navigation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6410" }, { "category": "external", "summary": "RHBZ#1801186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6410", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6410" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6410", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6410" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in navigation" }, { "cve": "CVE-2020-6411", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801187" } ], "notes": [ { "category": "description", "text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient validation of untrusted input in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6411" }, { "category": "external", "summary": "RHBZ#1801187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801187" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6411", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6411" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6411", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6411" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient validation of untrusted input in Omnibox" }, { "cve": "CVE-2020-6412", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801188" } ], "notes": [ { "category": "description", "text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient validation of untrusted input in Omnibox", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6412" }, { "category": "external", "summary": "RHBZ#1801188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801188" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6412", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6412" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient validation of untrusted input in Omnibox" }, { "cve": "CVE-2020-6413", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801189" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in Blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6413" }, { "category": "external", "summary": "RHBZ#1801189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801189" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6413", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6413" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6413", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6413" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Inappropriate implementation in Blink" }, { "cve": "CVE-2020-6414", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801190" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in Safe Browsing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6414" }, { "category": "external", "summary": "RHBZ#1801190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801190" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6414", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6414" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6414", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6414" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient policy enforcement in Safe Browsing" }, { "cve": "CVE-2020-6415", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801191" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in JavaScript", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6415" }, { "category": "external", "summary": "RHBZ#1801191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801191" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6415", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6415" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6415", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6415" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Inappropriate implementation in JavaScript" }, { "cve": "CVE-2020-6416", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801192" } ], "notes": [ { "category": "description", "text": "Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient data validation in streams", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6416" }, { "category": "external", "summary": "RHBZ#1801192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801192" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6416", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6416" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6416", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6416" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Insufficient data validation in streams" }, { "cve": "CVE-2020-6417", "discovery_date": "2020-02-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1801193" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in installer", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6417" }, { "category": "external", "summary": "RHBZ#1801193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801193" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6417", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6417" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6417", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6417" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Inappropriate implementation in installer" }, { "cve": "CVE-2020-6499", "discovery_date": "2020-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1844539" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in AppCache", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6499" }, { "category": "external", "summary": "RHBZ#1844539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844539" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6499", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6499" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6499", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6499" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Inappropriate implementation in AppCache" }, { "cve": "CVE-2020-6500", "discovery_date": "2020-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1844542" } ], "notes": [ { "category": "description", "text": "Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Inappropriate implementation in interstitials", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6500" }, { "category": "external", "summary": "RHBZ#1844542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844542" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6500", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6500" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6500", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6500" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Inappropriate implementation in interstitials" }, { "cve": "CVE-2020-6501", "discovery_date": "2020-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1844546" } ], "notes": [ { "category": "description", "text": "Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Insufficient policy enforcement in CSP", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6501" }, { "category": "external", "summary": "RHBZ#1844546", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844546" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6501", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6501" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6501", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6501" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Insufficient policy enforcement in CSP" }, { "cve": "CVE-2020-6502", "discovery_date": "2020-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1844549" } ], "notes": [ { "category": "description", "text": "Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Incorrect security UI in permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-6502" }, { "category": "external", "summary": "RHBZ#1844549", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844549" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6502", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6502" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6502", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6502" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" } ], "release_date": "2020-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-02-17T09:31:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0514" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-0:80.0.3987.87-1.el6_10.x86_64", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.i686", "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:80.0.3987.87-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Incorrect security UI in permissions" } ] }
gsd-2020-6387
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-6387", "description": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.", "id": "GSD-2020-6387", "references": [ "https://www.suse.com/security/cve/CVE-2020-6387.html", "https://www.debian.org/security/2020/dsa-4638", "https://access.redhat.com/errata/RHSA-2020:0514", "https://advisories.mageia.org/CVE-2020-6387.html", "https://security.archlinux.org/CVE-2020-6387" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-6387" ], "details": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.", "id": "GSD-2020-6387", "modified": "2023-12-13T01:21:55.318839Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2020-6387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Chrome", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "80.0.3987.87" } ] } } ] }, "vendor_name": "Google" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out of bounds write" } ] } ] }, "references": { "reference_data": [ { "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { "name": "https://crbug.com/1042535", "refsource": "MISC", "url": "https://crbug.com/1042535" }, { "name": "openSUSE-SU-2020:0210", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "name": "RHSA-2020:0514", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "name": "openSUSE-SU-2020:0233", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "name": "DSA-4638", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "FEDORA-2020-f6271d7afa", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "80.0.3987.87", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2020-6387" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/1042535", "refsource": "MISC", "tags": [ "Permissions Required" ], "url": "https://crbug.com/1042535" }, { "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { "name": "openSUSE-SU-2020:0210", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "name": "RHSA-2020:0514", "refsource": "REDHAT", "tags": [], "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "name": "openSUSE-SU-2020:0233", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "name": "DSA-4638", "refsource": "DEBIAN", "tags": [], "url": "https://www.debian.org/security/2020/dsa-4638" }, { "name": "GLSA-202003-08", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/202003-08" }, { "name": "FEDORA-2020-f6271d7afa", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/" }, { "name": "FEDORA-2020-39e0b8bd14", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2020-02-12T13:15Z", "publishedDate": "2020-02-11T15:15Z" } } }
ghsa-965w-xmc8-fjj4
Vulnerability from github
Published
2022-05-24 17:08
Modified
2022-05-24 17:08
Details
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
{ "affected": [], "aliases": [ "CVE-2020-6387" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2020-02-11T15:15:00Z", "severity": "MODERATE" }, "details": "Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.", "id": "GHSA-965w-xmc8-fjj4", "modified": "2022-05-24T17:08:38Z", "published": "2022-05-24T17:08:38Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6387" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" }, { "type": "WEB", "url": "https://crbug.com/1042535" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" } ], "schema_version": "1.4.0", "severity": [] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.