Action not permitted
Modal body text goes here.
cve-2015-1288
Vulnerability from cvelistv5
Published
2015-07-23 00:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:40:18.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2015:1499", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://codereview.chromium.org/1056103005" }, { "name": "openSUSE-SU-2015:1287", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" }, { "name": "1033031", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033031" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://code.google.com/p/chromium/issues/detail?id=479162" }, { "name": "GLSA-201603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-09" }, { "name": "75973", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75973" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "name": "DSA-3315", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3315" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-20T09:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "name": "RHSA-2015:1499", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://codereview.chromium.org/1056103005" }, { "name": "openSUSE-SU-2015:1287", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" }, { "name": "1033031", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033031" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://code.google.com/p/chromium/issues/detail?id=479162" }, { "name": "GLSA-201603-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-09" }, { "name": "75973", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75973" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "name": "DSA-3315", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3315" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2015-1288", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2015:1499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" }, { "name": "https://codereview.chromium.org/1056103005", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/1056103005" }, { "name": "openSUSE-SU-2015:1287", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" }, { "name": "1033031", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033031" }, { "name": "https://code.google.com/p/chromium/issues/detail?id=479162", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=479162" }, { "name": "GLSA-201603-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-09" }, { "name": "75973", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75973" }, { "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "name": "DSA-3315", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3315" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-1288", "datePublished": "2015-07-23T00:00:00", "dateReserved": "2015-01-21T00:00:00", "dateUpdated": "2024-08-06T04:40:18.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2015-1288\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2015-07-23T00:59:17.350\",\"lastModified\":\"2023-11-07T02:24:40.787\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en la implementaci\u00f3n de Spellcheck API en Google Chrome en versiones anteriores a la 44.0.2403.89, no usa una sesi\u00f3n HTTPS para la descarga de un diccionario Hunspell, lo cual permite realizar ataques de man-in-the-middle empleados para ofrecer sugerencias de ortograf\u00eda incorrectas o posiblemente tener otro impacto no especificado a trav\u00e9s de archivos manipulados, un tema relacionado con CVE-2015-1263.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-17\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"43.0.2357.134\",\"matchCriteriaId\":\"4CD601FD-6060-4CC5-81DA-BDDE41485613\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C6E104-EDBC-481E-85B8-D39ED2058D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B74C62D-4A6D-4A4F-ADF6-A508322CD447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE561C57-71DE-434A-85BC-1FAAFDCC7058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E89B38A-3697-46DD-BB3F-E8D2373588BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}],\"references\":[{\"url\":\"http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1499.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3315\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/75973\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id/1033031\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=479162\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://codereview.chromium.org/1056103005\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201603-09\",\"source\":\"chrome-cve-admin@google.com\"}]}}" } }
rhsa-2015_1499
Vulnerability from csaf_redhat
Published
2015-07-27 09:08
Modified
2024-11-14 18:10
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272, CVE-2015-1273,
CVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278, CVE-2015-1279,
CVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284, CVE-2015-1285,
CVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 44.0.2403.89, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1271, CVE-2015-1270, CVE-2015-1272, CVE-2015-1273,\nCVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278, CVE-2015-1279,\nCVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284, CVE-2015-1285,\nCVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289, CVE-2015-5605)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 44.0.2403.89, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take \neffect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2015:1499", "url": "https://access.redhat.com/errata/RHSA-2015:1499" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "category": "external", "summary": "1245436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245436" }, { "category": "external", "summary": "1245574", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245574" }, { "category": "external", "summary": "1245575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245575" }, { "category": "external", "summary": "1245576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245576" }, { "category": "external", "summary": "1245577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245577" }, { "category": "external", "summary": "1245580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245580" }, { "category": "external", "summary": "1245581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245581" }, { "category": "external", "summary": "1245582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245582" }, { "category": "external", "summary": "1245583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245583" }, { "category": "external", "summary": "1245585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245585" }, { "category": "external", "summary": "1245586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245586" }, { "category": "external", "summary": "1245587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245587" }, { "category": "external", "summary": "1245588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245588" }, { "category": "external", "summary": "1245589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245589" }, { "category": "external", "summary": "1245590", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245590" }, { "category": "external", "summary": "1245591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245591" }, { "category": "external", "summary": "1245592", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245592" }, { "category": "external", "summary": "1245593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245593" }, { "category": "external", "summary": "1245955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245955" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1499.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-14T18:10:34+00:00", "generator": { "date": "2024-11-14T18:10:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2015:1499", "initial_release_date": "2015-07-27T09:08:30+00:00", "revision_history": [ { "date": "2015-07-27T09:08:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2015-07-27T09:08:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T18:10:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.7.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.7.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.7.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:44.0.2403.89-1.el6.x86_64", "product": { "name": "chromium-browser-0:44.0.2403.89-1.el6.x86_64", "product_id": "chromium-browser-0:44.0.2403.89-1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@44.0.2403.89-1.el6?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "product": { "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "product_id": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@44.0.2403.89-1.el6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:44.0.2403.89-1.el6.i686", "product": { "name": "chromium-browser-0:44.0.2403.89-1.el6.i686", "product_id": "chromium-browser-0:44.0.2403.89-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@44.0.2403.89-1.el6?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "product": { "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "product_id": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@44.0.2403.89-1.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:44.0.2403.89-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686" }, "product_reference": "chromium-browser-0:44.0.2403.89-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:44.0.2403.89-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64" }, "product_reference": "chromium-browser-0:44.0.2403.89-1.el6.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:44.0.2403.89-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686" }, "product_reference": "chromium-browser-0:44.0.2403.89-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:44.0.2403.89-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64" }, "product_reference": "chromium-browser-0:44.0.2403.89-1.el6.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:44.0.2403.89-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686" }, "product_reference": "chromium-browser-0:44.0.2403.89-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:44.0.2403.89-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64" }, "product_reference": "chromium-browser-0:44.0.2403.89-1.el6.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.7.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-1270", "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245574" } ], "notes": [ { "category": "description", "text": "The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.", "title": "Vulnerability description" }, { "category": "summary", "text": "ICU: Uninitialized memory read fixed in Chrome 44.0.2403.89", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of icu as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of icu as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1270" }, { "category": "external", "summary": "RHBZ#1245574", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245574" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1270", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1270" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1270", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1270" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ICU: Uninitialized memory read fixed in Chrome 44.0.2403.89" }, { "cve": "CVE-2015-1271", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245436" } ], "notes": [ { "category": "description", "text": "PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Heap-buffer-overflow in pdfium", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1271" }, { "category": "external", "summary": "RHBZ#1245436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245436" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1271", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1271" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1271", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1271" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Heap-buffer-overflow in pdfium" }, { "cve": "CVE-2015-1272", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245575" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use-after-free related to unexpected GPU process termination in unspecified", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1272" }, { "category": "external", "summary": "RHBZ#1245575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1272", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1272" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1272", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1272" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Use-after-free related to unexpected GPU process termination in unspecified" }, { "cve": "CVE-2015-1273", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245576" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Heap-buffer-overflow in pdfium.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1273" }, { "category": "external", "summary": "RHBZ#1245576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1273", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1273" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1273", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1273" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Heap-buffer-overflow in pdfium." }, { "cve": "CVE-2015-1274", "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245577" } ], "notes": [ { "category": "description", "text": "Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user\u0027s previous \"Always open files of this type\" choice, related to download_commands.cc and download_prefs.cc.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Settings allowed executable files to run immediately after download in unsepcified", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1274" }, { "category": "external", "summary": "RHBZ#1245577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245577" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1274" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Settings allowed executable files to run immediately after download in unsepcified" }, { "cve": "CVE-2015-1276", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245580" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use-after-free in IndexedDB.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1276" }, { "category": "external", "summary": "RHBZ#1245580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1276", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1276" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1276", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1276" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use-after-free in IndexedDB." }, { "cve": "CVE-2015-1277", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245581" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use-after-free in accessibility.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1277" }, { "category": "external", "summary": "RHBZ#1245581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245581" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1277", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1277" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1277", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1277" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Use-after-free in accessibility." }, { "cve": "CVE-2015-1278", "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245582" } ], "notes": [ { "category": "description", "text": "content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document\u0027s modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: URL spoofing using pdf files in unspecified", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1278" }, { "category": "external", "summary": "RHBZ#1245582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245582" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1278", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1278" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1278", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1278" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: URL spoofing using pdf files in unspecified" }, { "cve": "CVE-2015-1279", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245583" } ], "notes": [ { "category": "description", "text": "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Heap-buffer-overflow in pdfium.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1279" }, { "category": "external", "summary": "RHBZ#1245583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245583" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1279", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1279" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1279", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1279" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Heap-buffer-overflow in pdfium." }, { "cve": "CVE-2015-1280", "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245584" } ], "notes": [ { "category": "description", "text": "SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Memory corruption in skia", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1280" }, { "category": "external", "summary": "RHBZ#1245584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245584" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1280", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1280" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1280", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1280" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Memory corruption in skia" }, { "cve": "CVE-2015-1281", "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245585" } ], "notes": [ { "category": "description", "text": "core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: CSP bypass in unspecified component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1281" }, { "category": "external", "summary": "RHBZ#1245585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1281", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1281" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1281", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1281" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: CSP bypass in unspecified component" }, { "cve": "CVE-2015-1282", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245586" } ], "notes": [ { "category": "description", "text": "Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use-after-free in pdfium.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1282" }, { "category": "external", "summary": "RHBZ#1245586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245586" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1282", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1282" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1282" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use-after-free in pdfium." }, { "cve": "CVE-2015-1283", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245587" } ], "notes": [ { "category": "description", "text": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Heap-buffer-overflow in expat.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1283" }, { "category": "external", "summary": "RHBZ#1245587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245587" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1283", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1283" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1283", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1283" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Heap-buffer-overflow in expat." }, { "cve": "CVE-2015-1284", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245588" } ], "notes": [ { "category": "description", "text": "The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page\u0027s maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Use-after-free in blink.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1284" }, { "category": "external", "summary": "RHBZ#1245588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245588" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1284", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1284" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1284", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1284" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: Use-after-free in blink." }, { "cve": "CVE-2015-1285", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245589" } ], "notes": [ { "category": "description", "text": "The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Information leak in XSS auditor.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1285" }, { "category": "external", "summary": "RHBZ#1245589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245589" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1285", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1285" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Information leak in XSS auditor." }, { "cve": "CVE-2015-1286", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245590" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink \"Universal XSS (UXSS).\"", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: UXSS in blink.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1286" }, { "category": "external", "summary": "RHBZ#1245590", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245590" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1286", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1286" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1286", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1286" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: UXSS in blink." }, { "cve": "CVE-2015-1287", "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245591" } ], "notes": [ { "category": "description", "text": "Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: SOP bypass with CSS in unspecified", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1287" }, { "category": "external", "summary": "RHBZ#1245591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1287", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1287" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1287", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1287" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: SOP bypass with CSS in unspecified" }, { "cve": "CVE-2015-1288", "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245592" } ], "notes": [ { "category": "description", "text": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Spell checking dictionaries fetched over HTTP in unspecified", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1288" }, { "category": "external", "summary": "RHBZ#1245592", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245592" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1288", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1288" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1288", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1288" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "chromium-browser: Spell checking dictionaries fetched over HTTP in unspecified" }, { "cve": "CVE-2015-1289", "discovery_date": "2015-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245593" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-1289" }, { "category": "external", "summary": "RHBZ#1245593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245593" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1289", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1289" }, { "category": "external", "summary": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" } ], "release_date": "2015-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives" }, { "cve": "CVE-2015-5605", "discovery_date": "2015-07-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1245955" } ], "notes": [ { "category": "description", "text": "The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: v8 denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-5605" }, { "category": "external", "summary": "RHBZ#1245955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245955" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-5605", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5605" } ], "release_date": "2015-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2015-07-27T09:08:30+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2015:1499" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Client-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Server-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-0:44.0.2403.89-1.el6.x86_64", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.i686", "6Workstation-Supplementary-6.7.z:chromium-browser-debuginfo-0:44.0.2403.89-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: v8 denial of service" } ] }
gsd-2015-1288
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2015-1288", "description": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "id": "GSD-2015-1288", "references": [ "https://www.suse.com/security/cve/CVE-2015-1288.html", "https://www.debian.org/security/2015/dsa-3315", "https://access.redhat.com/errata/RHSA-2015:1499", "https://advisories.mageia.org/CVE-2015-1288.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2015-1288" ], "details": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "id": "GSD-2015-1288", "modified": "2023-12-13T01:20:04.896317Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2015-1288", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2015:1499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" }, { "name": "https://codereview.chromium.org/1056103005", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/1056103005" }, { "name": "openSUSE-SU-2015:1287", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" }, { "name": "1033031", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033031" }, { "name": "https://code.google.com/p/chromium/issues/detail?id=479162", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=479162" }, { "name": "GLSA-201603-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-09" }, { "name": "75973", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75973" }, { "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "name": "DSA-3315", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3315" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "43.0.2357.134", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2015-1288" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-17" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.chromium.org/1056103005", "refsource": "CONFIRM", "tags": [], "url": "https://codereview.chromium.org/1056103005" }, { "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "name": "https://code.google.com/p/chromium/issues/detail?id=479162", "refsource": "CONFIRM", "tags": [], "url": "https://code.google.com/p/chromium/issues/detail?id=479162" }, { "name": "RHSA-2015:1499", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" }, { "name": "DSA-3315", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2015/dsa-3315" }, { "name": "openSUSE-SU-2015:1287", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" }, { "name": "75973", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/75973" }, { "name": "GLSA-201603-09", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201603-09" }, { "name": "1033031", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1033031" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2018-10-30T16:27Z", "publishedDate": "2015-07-23T00:59Z" } } }
ghsa-gg9q-x7v7-56vv
Vulnerability from github
Published
2022-05-14 02:06
Modified
2022-05-14 02:06
Details
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
{ "affected": [], "aliases": [ "CVE-2015-1288" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2015-07-23T00:59:00Z", "severity": "MODERATE" }, "details": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "id": "GHSA-gg9q-x7v7-56vv", "modified": "2022-05-14T02:06:47Z", "published": "2022-05-14T02:06:47Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1288" }, { "type": "WEB", "url": "https://code.google.com/p/chromium/issues/detail?id=479162" }, { "type": "WEB", "url": "https://codereview.chromium.org/1056103005" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201603-09" }, { "type": "WEB", "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2015/dsa-3315" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/75973" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1033031" } ], "schema_version": "1.4.0", "severity": [] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.