cve-2016-7549
Vulnerability from cvelistv5
Published
2016-09-25 20:00
Modified
2024-08-06 02:04
Summary
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.
References
cve-2016-7549
Vulnerability from fkie_nvd
Published
2016-09-25 20:59
Modified
2024-11-21 02:58
Summary
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.
References
ghsa-qqhx-99jv-jg5r
Vulnerability from github
Published
2022-05-14 03:55
Modified
2022-05-14 03:55
Details
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.
RHSA-2016:1905
Vulnerability from csaf_redhat
Published
2016-09-16 07:27
Modified
2024-11-14 20:49
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 53.0.2785.113.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5170, CVE-2016-5171, CVE-2016-5175, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use after free in blink" }, { "cve": "CVE-2016-5171", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375864" } ], "notes": [ { "category": "description", "text": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use after free in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5171" }, { "category": "external", "summary": "RHBZ#1375864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5171", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use after free in blink" }, { "cve": "CVE-2016-5172", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375865" } ], "notes": [ { "category": "description", "text": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: arbitrary memory read in v8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5172" }, { "category": "external", "summary": "RHBZ#1375865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5172", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: arbitrary memory read in v8" }, { "cve": "CVE-2016-5173", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375866" } ], "notes": [ { "category": "description", "text": "The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: extension resource access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5173" }, { "category": "external", "summary": "RHBZ#1375866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375866" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5173", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5173" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5173", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5173" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take 
effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: extension resource access" }, { "cve": "CVE-2016-5174", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375867" } ], "notes": [ { "category": "description", "text": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: popup not correctly suppressed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5174" }, { "category": "external", "summary": "RHBZ#1375867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5174", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5174" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5174" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: popup not correctly suppressed" }, { "cve": "CVE-2016-5175", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375868" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: various fixes from internal audits", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5175" }, { "category": "external", "summary": "RHBZ#1375868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5175", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5175" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: various fixes from internal audits" }, { "cve": "CVE-2016-5176", "discovery_date": "2016-09-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1380331" } ], "notes": [ { "category": "description", "text": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: SafeBrowsing protection mechanism bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5176" }, { "category": "external", "summary": "RHBZ#1380331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380331" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5176", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5176" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: SafeBrowsing protection mechanism bypass" }, { "cve": "CVE-2016-7549", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2016-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1380301" } ], "notes": [ { "category": "description", "text": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: DoS via invalid recipient of IPC message", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed 
for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7549" }, { "category": "external", "summary": "RHBZ#1380301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7549", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7549" } ], "release_date": "2016-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes 
described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: DoS via invalid recipient of IPC message" } ] }
rhsa-2016:1905
Vulnerability from csaf_redhat
Published
2016-09-16 07:27
Modified
2024-11-14 20:49
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 53.0.2785.113.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5170, CVE-2016-5171, CVE-2016-5175, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.113.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5170, CVE-2016-5171, CVE-2016-5175, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2016:1905", "url": "https://access.redhat.com/errata/RHSA-2016:1905" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "category": "external", "summary": "1375863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375863" }, { "category": "external", "summary": "1375864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375864" }, { "category": "external", "summary": "1375865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375865" }, { "category": "external", "summary": "1375866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375866" }, { "category": "external", "summary": "1375867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375867" }, { "category": "external", "summary": "1375868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375868" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1905.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-14T20:49:00+00:00", "generator": { "date": "2024-11-14T20:49:00+00:00", "engine": { 
"name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2016:1905", "initial_release_date": "2016-09-16T07:27:20+00:00", "revision_history": [ { "date": "2016-09-16T07:27:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2016-09-16T07:27:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T20:49:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product_id": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.113-1.el6?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product_id": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.113-1.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product_id": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.113-1.el6?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product_id": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.113-1.el6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop 
Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 
6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-5170", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375863" } ], "notes": [ { "category": "description", "text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use after free in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", 
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5170" }, { "category": "external", "summary": "RHBZ#1375863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5170", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5170" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5170", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5170" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use after free in blink" }, { "cve": "CVE-2016-5171", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375864" } ], "notes": [ { "category": "description", "text": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use after free in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5171" }, { "category": "external", "summary": "RHBZ#1375864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5171", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use after free in blink" }, { "cve": "CVE-2016-5172", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375865" } ], "notes": [ { "category": "description", "text": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: arbitrary memory read in v8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5172" }, { "category": "external", "summary": "RHBZ#1375865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5172", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: arbitrary memory read in v8" }, { "cve": "CVE-2016-5173", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375866" } ], "notes": [ { "category": "description", "text": "The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: extension resource access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5173" }, { "category": "external", "summary": "RHBZ#1375866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375866" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5173", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5173" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5173", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5173" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take 
effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: extension resource access" }, { "cve": "CVE-2016-5174", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375867" } ], "notes": [ { "category": "description", "text": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: popup not correctly suppressed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5174" }, { "category": "external", "summary": "RHBZ#1375867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5174", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5174" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5174" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: popup not correctly suppressed" }, { "cve": "CVE-2016-5175", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375868" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: various fixes from internal audits", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5175" }, { "category": "external", "summary": "RHBZ#1375868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5175", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5175" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: various fixes from internal audits" }, { "cve": "CVE-2016-5176", "discovery_date": "2016-09-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1380331" } ], "notes": [ { "category": "description", "text": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: SafeBrowsing protection mechanism bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5176" }, { "category": "external", "summary": "RHBZ#1380331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380331" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5176", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5176" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: SafeBrowsing protection mechanism bypass" }, { "cve": "CVE-2016-7549", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2016-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1380301" } ], "notes": [ { "category": "description", "text": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: DoS via invalid recipient of IPC message", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed 
for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7549" }, { "category": "external", "summary": "RHBZ#1380301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7549", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7549" } ], "release_date": "2016-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes 
described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: DoS via invalid recipient of IPC message" } ] }
rhsa-2016_1905
Vulnerability from csaf_redhat
Published
2016-09-16 07:27
Modified
2024-11-14 20:49
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 53.0.2785.113.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5170, CVE-2016-5171, CVE-2016-5175, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.113.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5170, CVE-2016-5171, CVE-2016-5175, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2016:1905", "url": "https://access.redhat.com/errata/RHSA-2016:1905" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "category": "external", "summary": "1375863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375863" }, { "category": "external", "summary": "1375864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375864" }, { "category": "external", "summary": "1375865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375865" }, { "category": "external", "summary": "1375866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375866" }, { "category": "external", "summary": "1375867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375867" }, { "category": "external", "summary": "1375868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375868" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1905.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-14T20:49:00+00:00", "generator": { "date": "2024-11-14T20:49:00+00:00", "engine": { 
"name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2016:1905", "initial_release_date": "2016-09-16T07:27:20+00:00", "revision_history": [ { "date": "2016-09-16T07:27:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2016-09-16T07:27:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T20:49:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product_id": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.113-1.el6?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product_id": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.113-1.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product_id": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.113-1.el6?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product_id": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.113-1.el6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop 
Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 
6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-5170", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375863" } ], "notes": [ { "category": "description", "text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use after free in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", 
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5170" }, { "category": "external", "summary": "RHBZ#1375863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5170", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5170" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5170", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5170" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use after free in blink" }, { "cve": "CVE-2016-5171", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375864" } ], "notes": [ { "category": "description", "text": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use after free in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5171" }, { "category": "external", "summary": "RHBZ#1375864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5171", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use after free in blink" }, { "cve": "CVE-2016-5172", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375865" } ], "notes": [ { "category": "description", "text": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: arbitrary memory read in v8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5172" }, { "category": "external", "summary": "RHBZ#1375865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5172", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", 
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: arbitrary memory read in v8" }, { "cve": "CVE-2016-5173", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375866" } ], "notes": [ { "category": "description", "text": "The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: extension resource access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5173" }, { "category": "external", "summary": "RHBZ#1375866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375866" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5173", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5173" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5173", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5173" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take 
effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", 
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: extension resource access" }, { "cve": "CVE-2016-5174", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375867" } ], "notes": [ { "category": "description", "text": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: popup not correctly suppressed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5174" }, { "category": "external", "summary": "RHBZ#1375867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5174", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5174" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5174" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: popup not correctly suppressed" }, { "cve": "CVE-2016-5175", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375868" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: various fixes from internal audits", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5175" }, { "category": "external", "summary": "RHBZ#1375868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5175", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5175" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: various fixes from internal audits" }, { "cve": "CVE-2016-5176", "discovery_date": "2016-09-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1380331" } ], "notes": [ { "category": "description", "text": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: SafeBrowsing protection mechanism bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5176" }, { "category": "external", "summary": "RHBZ#1380331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380331" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5176", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5176" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter 
installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: SafeBrowsing protection mechanism bypass" }, { "cve": "CVE-2016-7549", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2016-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1380301" } ], "notes": [ { "category": "description", "text": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: DoS via invalid recipient of IPC message", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed 
for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7549" }, { "category": "external", "summary": "RHBZ#1380301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7549", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7549" } ], "release_date": "2016-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes 
described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ 
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: DoS via invalid recipient of IPC message" } ] }
gsd-2016-7549
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.
Aliases
{ "GSD": { "alias": "CVE-2016-7549", "description": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.", "id": "GSD-2016-7549", "references": [ "https://access.redhat.com/errata/RHSA-2016:1905", "https://ubuntu.com/security/CVE-2016-7549", "https://www.suse.com/security/cve/CVE-2016-7549.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-7549" ], "details": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.", "id": "GSD-2016-7549", "modified": "2023-12-13T01:21:21.055990Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2016-7549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a 
valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93160", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93160" }, { "name": "https://crbug.com/556351", "refsource": "CONFIRM", "url": "https://crbug.com/556351" }, { "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "refsource": "CONFIRM", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "name": "RHSA-2016:1905", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" }, { "name": "https://crbug.com/646394", "refsource": "CONFIRM", "url": "https://crbug.com/646394" }, { "name": "https://codereview.chromium.org/1534933002", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/1534933002" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "53.0.2785.101", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2016-7549" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application 
crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/556351", "refsource": "CONFIRM", "tags": [ "Issue Tracking" ], "url": "https://crbug.com/556351" }, { "name": "https://crbug.com/646394", "refsource": "CONFIRM", "tags": [ "Issue Tracking" ], "url": "https://crbug.com/646394" }, { "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "name": "https://codereview.chromium.org/1534933002", "refsource": "CONFIRM", "tags": [ "Issue Tracking" ], "url": "https://codereview.chromium.org/1534933002" }, { "name": "93160", "refsource": "BID", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/93160" }, { "name": "RHSA-2016:1905", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2018-01-05T02:31Z", "publishedDate": "2016-09-25T20:59Z" } } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.