Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2015-1226
Vulnerability from cvelistv5
Published
2015-03-09 00:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"name": "72901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72901"
},
{
"name": "GLSA-201503-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "RHSA-2015:0627",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/910053002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"name": "72901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72901"
},
{
"name": "GLSA-201503-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "RHSA-2015:0627",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/910053002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=456841",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"name": "72901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72901"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "RHSA-2015:0627",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://codereview.chromium.org/910053002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/910053002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1226",
"datePublished": "2015-03-09T00:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"40.0.2214.115\", \"matchCriteriaId\": \"8E4473BA-37DE-4AF1-A828-99AA9D83AAE7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n DebuggerFunction::InitAgentHost en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente qu\\u00e9 URLs est\\u00e1n disponibles como objetivos de depuraci\\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a trav\\u00e9s de una extensi\\u00f3n manipulada.\"}]",
"id": "CVE-2015-1226",
"lastModified": "2024-11-21T02:24:55.340",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-03-09T00:59:19.637",
"references": "[{\"url\": \"http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0627.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/72901\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://code.google.com/p/chromium/issues/detail?id=456841\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://codereview.chromium.org/910053002\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201503-12\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0627.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/72901\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://code.google.com/p/chromium/issues/detail?id=456841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://codereview.chromium.org/910053002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201503-12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-1226\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2015-03-09T00:59:19.637\",\"lastModified\":\"2024-11-21T02:24:55.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n DebuggerFunction::InitAgentHost en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente qu\u00e9 URLs est\u00e1n disponibles como objetivos de depuraci\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a trav\u00e9s de una extensi\u00f3n manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"40.0.2214.115\",\"matchCriteriaId\":\"8E4473BA-37DE-4AF1-A828-99AA9D83AAE7\"}]}]}],\"references\":[{\"url\":\"http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0627.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/72901\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=456841\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://codereview.chromium.org/910053002\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201503-12\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0627.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/72901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=456841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://codereview.chromium.org/910053002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201503-12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2015:0627
Vulnerability from csaf_redhat
Published
2015-03-05 13:59
Modified
2024-11-14 18:07
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,
CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,
CVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,
CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.76, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,\nCVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,\nCVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,\nCVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 41.0.2272.76, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0627",
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"category": "external",
"summary": "1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0627.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T18:07:23+00:00",
"generator": {
"date": "2024-11-14T18:07:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2015:0627",
"initial_release_date": "2015-03-05T13:59:42+00:00",
"revision_history": [
{
"date": "2015-03-05T13:59:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-03-05T13:59:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T18:07:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1213",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198519"
}
],
"notes": [
{
"category": "description",
"text": "The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1213"
},
{
"category": "external",
"summary": "RHBZ#1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1213",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1214",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198520"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1214"
},
{
"category": "external",
"summary": "RHBZ#1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1215",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198521"
}
],
"notes": [
{
"category": "description",
"text": "The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1215"
},
{
"category": "external",
"summary": "RHBZ#1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1216",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198522"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1216"
},
{
"category": "external",
"summary": "RHBZ#1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1216",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in v8 bindings"
},
{
"cve": "CVE-2015-1217",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198523"
}
],
"notes": [
{
"category": "description",
"text": "The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1217"
},
{
"category": "external",
"summary": "RHBZ#1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8 bindings"
},
{
"cve": "CVE-2015-1218",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198525"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1218"
},
{
"category": "external",
"summary": "RHBZ#1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1218",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1219",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198526"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Integer overflow in webgl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1219"
},
{
"category": "external",
"summary": "RHBZ#1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1219",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Integer overflow in webgl"
},
{
"cve": "CVE-2015-1220",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198527"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in gif decoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1220"
},
{
"category": "external",
"summary": "RHBZ#1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1220",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1220"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in gif decoder"
},
{
"cve": "CVE-2015-1221",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198528"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink\u0027s main thread, related to the shutdown function in web/WebKit.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in web databases",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1221"
},
{
"category": "external",
"summary": "RHBZ#1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1221",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in web databases"
},
{
"cve": "CVE-2015-1222",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198529"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in service workers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1222"
},
{
"category": "external",
"summary": "RHBZ#1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1222",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in service workers"
},
{
"cve": "CVE-2015-1223",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198530"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1223"
},
{
"category": "external",
"summary": "RHBZ#1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1223",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1224",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198531"
}
],
"notes": [
{
"category": "description",
"text": "The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in vpxdecoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1224"
},
{
"category": "external",
"summary": "RHBZ#1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1224",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in vpxdecoder"
},
{
"cve": "CVE-2015-1225",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198532"
}
],
"notes": [
{
"category": "description",
"text": "PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1225"
},
{
"category": "external",
"summary": "RHBZ#1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in pdfium"
},
{
"cve": "CVE-2015-1226",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198533"
}
],
"notes": [
{
"category": "description",
"text": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Validation issue in debugger",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1226"
},
{
"category": "external",
"summary": "RHBZ#1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1226",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1226"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Validation issue in debugger"
},
{
"cve": "CVE-2015-1227",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198534"
}
],
"notes": [
{
"category": "description",
"text": "The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1227"
},
{
"category": "external",
"summary": "RHBZ#1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1227",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1227"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in blink"
},
{
"cve": "CVE-2015-1228",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198535"
}
],
"notes": [
{
"category": "description",
"text": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in rendering",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1228"
},
{
"category": "external",
"summary": "RHBZ#1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in rendering"
},
{
"cve": "CVE-2015-1229",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198536"
}
],
"notes": [
{
"category": "description",
"text": "net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cookie injection in proxies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1229"
},
{
"category": "external",
"summary": "RHBZ#1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1229",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cookie injection in proxies"
},
{
"cve": "CVE-2015-1230",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198537"
}
],
"notes": [
{
"category": "description",
"text": "The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1230"
},
{
"category": "external",
"summary": "RHBZ#1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1230",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8"
},
{
"cve": "CVE-2015-1231",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198542"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1231"
},
{
"category": "external",
"summary": "RHBZ#1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives."
},
{
"cve": "CVE-2015-1232",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205142"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1232"
},
{
"category": "external",
"summary": "RHBZ#1205142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in media"
}
]
}
rhsa-2015_0627
Vulnerability from csaf_redhat
Published
2015-03-05 13:59
Modified
2024-11-14 18:07
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,
CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,
CVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,
CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.76, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,\nCVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,\nCVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,\nCVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 41.0.2272.76, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0627",
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"category": "external",
"summary": "1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0627.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T18:07:23+00:00",
"generator": {
"date": "2024-11-14T18:07:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2015:0627",
"initial_release_date": "2015-03-05T13:59:42+00:00",
"revision_history": [
{
"date": "2015-03-05T13:59:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-03-05T13:59:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T18:07:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1213",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198519"
}
],
"notes": [
{
"category": "description",
"text": "The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1213"
},
{
"category": "external",
"summary": "RHBZ#1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1213",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1214",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198520"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1214"
},
{
"category": "external",
"summary": "RHBZ#1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1215",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198521"
}
],
"notes": [
{
"category": "description",
"text": "The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1215"
},
{
"category": "external",
"summary": "RHBZ#1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1216",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198522"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1216"
},
{
"category": "external",
"summary": "RHBZ#1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1216",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in v8 bindings"
},
{
"cve": "CVE-2015-1217",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198523"
}
],
"notes": [
{
"category": "description",
"text": "The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1217"
},
{
"category": "external",
"summary": "RHBZ#1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8 bindings"
},
{
"cve": "CVE-2015-1218",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198525"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1218"
},
{
"category": "external",
"summary": "RHBZ#1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1218",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1219",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198526"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Integer overflow in webgl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1219"
},
{
"category": "external",
"summary": "RHBZ#1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1219",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Integer overflow in webgl"
},
{
"cve": "CVE-2015-1220",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198527"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in gif decoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1220"
},
{
"category": "external",
"summary": "RHBZ#1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1220",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1220"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in gif decoder"
},
{
"cve": "CVE-2015-1221",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198528"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink\u0027s main thread, related to the shutdown function in web/WebKit.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in web databases",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1221"
},
{
"category": "external",
"summary": "RHBZ#1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1221",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in web databases"
},
{
"cve": "CVE-2015-1222",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198529"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in service workers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1222"
},
{
"category": "external",
"summary": "RHBZ#1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1222",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in service workers"
},
{
"cve": "CVE-2015-1223",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198530"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1223"
},
{
"category": "external",
"summary": "RHBZ#1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1223",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1224",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198531"
}
],
"notes": [
{
"category": "description",
"text": "The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in vpxdecoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1224"
},
{
"category": "external",
"summary": "RHBZ#1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1224",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in vpxdecoder"
},
{
"cve": "CVE-2015-1225",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198532"
}
],
"notes": [
{
"category": "description",
"text": "PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1225"
},
{
"category": "external",
"summary": "RHBZ#1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in pdfium"
},
{
"cve": "CVE-2015-1226",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198533"
}
],
"notes": [
{
"category": "description",
"text": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Validation issue in debugger",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1226"
},
{
"category": "external",
"summary": "RHBZ#1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1226",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1226"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Validation issue in debugger"
},
{
"cve": "CVE-2015-1227",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198534"
}
],
"notes": [
{
"category": "description",
"text": "The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1227"
},
{
"category": "external",
"summary": "RHBZ#1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1227",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1227"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in blink"
},
{
"cve": "CVE-2015-1228",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198535"
}
],
"notes": [
{
"category": "description",
"text": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in rendering",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1228"
},
{
"category": "external",
"summary": "RHBZ#1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in rendering"
},
{
"cve": "CVE-2015-1229",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198536"
}
],
"notes": [
{
"category": "description",
"text": "net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cookie injection in proxies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1229"
},
{
"category": "external",
"summary": "RHBZ#1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1229",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cookie injection in proxies"
},
{
"cve": "CVE-2015-1230",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198537"
}
],
"notes": [
{
"category": "description",
"text": "The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1230"
},
{
"category": "external",
"summary": "RHBZ#1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1230",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8"
},
{
"cve": "CVE-2015-1231",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198542"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1231"
},
{
"category": "external",
"summary": "RHBZ#1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives."
},
{
"cve": "CVE-2015-1232",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205142"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1232"
},
{
"category": "external",
"summary": "RHBZ#1205142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in media"
}
]
}
RHSA-2015:0627
Vulnerability from csaf_redhat
Published
2015-03-05 13:59
Modified
2024-11-14 18:07
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,
CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,
CVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,
CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 41.0.2272.76, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216,\nCVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221,\nCVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226,\nCVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 41.0.2272.76, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0627",
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"category": "external",
"summary": "1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0627.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T18:07:23+00:00",
"generator": {
"date": "2024-11-14T18:07:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2015:0627",
"initial_release_date": "2015-03-05T13:59:42+00:00",
"revision_history": [
{
"date": "2015-03-05T13:59:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-03-05T13:59:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T18:07:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_id": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@41.0.2272.76-1.el6_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.src as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.src",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1213",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198519"
}
],
"notes": [
{
"category": "description",
"text": "The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1213"
},
{
"category": "external",
"summary": "RHBZ#1198519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1213",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1213"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1214",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198520"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1214"
},
{
"category": "external",
"summary": "RHBZ#1198520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1214"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1215",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198521"
}
],
"notes": [
{
"category": "description",
"text": "The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in skia filters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1215"
},
{
"category": "external",
"summary": "RHBZ#1198521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1215"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in skia filters"
},
{
"cve": "CVE-2015-1216",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198522"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1216"
},
{
"category": "external",
"summary": "RHBZ#1198522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1216",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1216"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in v8 bindings"
},
{
"cve": "CVE-2015-1217",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198523"
}
],
"notes": [
{
"category": "description",
"text": "The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8 bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1217"
},
{
"category": "external",
"summary": "RHBZ#1198523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1217"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1217"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8 bindings"
},
{
"cve": "CVE-2015-1218",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198525"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1218"
},
{
"category": "external",
"summary": "RHBZ#1198525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1218",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1218"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1219",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198526"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Integer overflow in webgl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1219"
},
{
"category": "external",
"summary": "RHBZ#1198526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1219",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1219"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Integer overflow in webgl"
},
{
"cve": "CVE-2015-1220",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198527"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in gif decoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1220"
},
{
"category": "external",
"summary": "RHBZ#1198527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1220",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1220"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1220"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in gif decoder"
},
{
"cve": "CVE-2015-1221",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198528"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink\u0027s main thread, related to the shutdown function in web/WebKit.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in web databases",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1221"
},
{
"category": "external",
"summary": "RHBZ#1198528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1221",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1221"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in web databases"
},
{
"cve": "CVE-2015-1222",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198529"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in service workers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1222"
},
{
"category": "external",
"summary": "RHBZ#1198529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1222",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1222"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in service workers"
},
{
"cve": "CVE-2015-1223",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198530"
}
],
"notes": [
{
"category": "description",
"text": "Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in dom",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1223"
},
{
"category": "external",
"summary": "RHBZ#1198530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1223",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1223"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in dom"
},
{
"cve": "CVE-2015-1224",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198531"
}
],
"notes": [
{
"category": "description",
"text": "The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in vpxdecoder",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1224"
},
{
"category": "external",
"summary": "RHBZ#1198531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1224",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1224"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in vpxdecoder"
},
{
"cve": "CVE-2015-1225",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198532"
}
],
"notes": [
{
"category": "description",
"text": "PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1225"
},
{
"category": "external",
"summary": "RHBZ#1198532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1225"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in pdfium"
},
{
"cve": "CVE-2015-1226",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198533"
}
],
"notes": [
{
"category": "description",
"text": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Validation issue in debugger",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1226"
},
{
"category": "external",
"summary": "RHBZ#1198533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1226",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1226"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Validation issue in debugger"
},
{
"cve": "CVE-2015-1227",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198534"
}
],
"notes": [
{
"category": "description",
"text": "The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1227"
},
{
"category": "external",
"summary": "RHBZ#1198534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198534"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1227",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1227"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1227"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in blink"
},
{
"cve": "CVE-2015-1228",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198535"
}
],
"notes": [
{
"category": "description",
"text": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Uninitialized value in rendering",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1228"
},
{
"category": "external",
"summary": "RHBZ#1198535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198535"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1228"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Uninitialized value in rendering"
},
{
"cve": "CVE-2015-1229",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198536"
}
],
"notes": [
{
"category": "description",
"text": "net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cookie injection in proxies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1229"
},
{
"category": "external",
"summary": "RHBZ#1198536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1229",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1229"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cookie injection in proxies"
},
{
"cve": "CVE-2015-1230",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198537"
}
],
"notes": [
{
"category": "description",
"text": "The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers \"type confusion.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in v8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1230"
},
{
"category": "external",
"summary": "RHBZ#1198537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198537"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1230",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1230"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in v8"
},
{
"cve": "CVE-2015-1231",
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1198542"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1231"
},
{
"category": "external",
"summary": "RHBZ#1198542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1231"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives."
},
{
"cve": "CVE-2015-1232",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205142"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1232"
},
{
"category": "external",
"summary": "RHBZ#1205142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1232"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
],
"release_date": "2015-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-03-05T13:59:42+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0627"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:41.0.2272.76-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:41.0.2272.76-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in media"
}
]
}
cve-2015-1226
Vulnerability from fkie_nvd
Published
2015-03-09 00:59
Modified
2024-11-21 02:24
Severity ?
Summary
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4473BA-37DE-4AF1-A828-99AA9D83AAE7",
"versionEndIncluding": "40.0.2214.115",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension."
},
{
"lang": "es",
"value": "La funci\u00f3n DebuggerFunction::InitAgentHost en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente qu\u00e9 URLs est\u00e1n disponibles como objetivos de depuraci\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a trav\u00e9s de una extensi\u00f3n manipulada."
}
],
"id": "CVE-2015-1226",
"lastModified": "2024-11-21T02:24:55.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-09T00:59:19.637",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/72901"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://codereview.chromium.org/910053002"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://codereview.chromium.org/910053002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201503-12"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2015-1226
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-1226",
"description": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.",
"id": "GSD-2015-1226",
"references": [
"https://www.suse.com/security/cve/CVE-2015-1226.html",
"https://access.redhat.com/errata/RHSA-2015:0627",
"https://advisories.mageia.org/CVE-2015-1226.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-1226"
],
"details": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.",
"id": "GSD-2015-1226",
"modified": "2023-12-13T01:20:05.190550Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=456841",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"name": "72901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72901"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "RHSA-2015:0627",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://codereview.chromium.org/910053002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/910053002"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "40.0.2214.115",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1226"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://codereview.chromium.org/910053002",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://codereview.chromium.org/910053002"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=456841",
"refsource": "CONFIRM",
"tags": [],
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"name": "RHSA-2015:0627",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"name": "72901",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/72901"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201503-12"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2016-12-22T02:59Z",
"publishedDate": "2015-03-09T00:59Z"
}
}
}
ghsa-vh5c-wx9j-3q9g
Vulnerability from github
Published
2022-05-17 03:20
Modified
2022-05-17 03:20
Details
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.
{
"affected": [],
"aliases": [
"CVE-2015-1226"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-03-09T00:59:00Z",
"severity": "MODERATE"
},
"details": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.",
"id": "GHSA-vh5c-wx9j-3q9g",
"modified": "2022-05-17T03:20:48Z",
"published": "2022-05-17T03:20:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1226"
},
{
"type": "WEB",
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"type": "WEB",
"url": "https://codereview.chromium.org/910053002"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/72901"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.