RHSA-2016_1854
Vulnerability from csaf_redhat - Published: 2016-09-12 19:39 - Updated: 2024-11-14 20:48
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution.
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution.
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.89.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:1854",
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"category": "external",
"summary": "1372207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372207"
},
{
"category": "external",
"summary": "1372208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372208"
},
{
"category": "external",
"summary": "1372209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372209"
},
{
"category": "external",
"summary": "1372210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372210"
},
{
"category": "external",
"summary": "1372212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372212"
},
{
"category": "external",
"summary": "1372213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372213"
},
{
"category": "external",
"summary": "1372214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372214"
},
{
"category": "external",
"summary": "1372215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372215"
},
{
"category": "external",
"summary": "1372216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372216"
},
{
"category": "external",
"summary": "1372217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372217"
},
{
"category": "external",
"summary": "1372218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372218"
},
{
"category": "external",
"summary": "1372219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372219"
},
{
"category": "external",
"summary": "1372220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372220"
},
{
"category": "external",
"summary": "1372221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372221"
},
{
"category": "external",
"summary": "1372222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372222"
},
{
"category": "external",
"summary": "1372223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372223"
},
{
"category": "external",
"summary": "1372224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372224"
},
{
"category": "external",
"summary": "1372225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372225"
},
{
"category": "external",
"summary": "1372227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372227"
},
{
"category": "external",
"summary": "1372228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372228"
},
{
"category": "external",
"summary": "1372229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372229"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1854.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T20:48:08+00:00",
"generator": {
"date": "2024-11-14T20:48:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:1854",
"initial_release_date": "2016-09-12T19:39:33+00:00",
"revision_history": [
{
"date": "2016-09-12T19:39:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-09-12T19:39:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T20:48:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product_id": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.89-3.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product_id": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.89-3.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product_id": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.89-3.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.89-3.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5147",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372207"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5147"
},
{
"category": "external",
"summary": "RHBZ#1372207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5147"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5148",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372208"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5148"
},
{
"category": "external",
"summary": "RHBZ#1372208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5148",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5148"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5149",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372209"
}
],
"notes": [
{
"category": "description",
"text": "The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: script injection in extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5149"
},
{
"category": "external",
"summary": "RHBZ#1372209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5149"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: script injection in extensions"
},
{
"cve": "CVE-2016-5150",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372210"
}
],
"notes": [
{
"category": "description",
"text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5150"
},
{
"category": "external",
"summary": "RHBZ#1372210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5150",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5150"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in blink"
},
{
"cve": "CVE-2016-5151",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372212"
}
],
"notes": [
{
"category": "description",
"text": "PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5151"
},
{
"category": "external",
"summary": "RHBZ#1372212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5151",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5151"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2016-5152",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372213"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "RHBZ#1372213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372213"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5152",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5152"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5153",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372214"
}
],
"notes": [
{
"category": "description",
"text": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after destruction in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5153"
},
{
"category": "external",
"summary": "RHBZ#1372214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5153"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after destruction in blink"
},
{
"cve": "CVE-2016-5154",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372215"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5154"
},
{
"category": "external",
"summary": "RHBZ#1372215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372215"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5154",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5154"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5155",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372216"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5155"
},
{
"category": "external",
"summary": "RHBZ#1372216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5155",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5155"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: address bar spoofing"
},
{
"cve": "CVE-2016-5156",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372217"
}
],
"notes": [
{
"category": "description",
"text": "extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in event bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5156"
},
{
"category": "external",
"summary": "RHBZ#1372217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5156"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in event bindings"
},
{
"cve": "CVE-2016-5157",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372218"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5157"
},
{
"category": "external",
"summary": "RHBZ#1372218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5157",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5157"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5158",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372219"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap overflow due to unsafe use of opj_aligned_malloc",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "RHBZ#1372219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5158",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5158"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjpeg: heap overflow due to unsafe use of opj_aligned_malloc"
},
{
"cve": "CVE-2016-5159",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372220"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap overflow in parsing of JPEG2000 code blocks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5159"
},
{
"category": "external",
"summary": "RHBZ#1372220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5159",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5159"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjpeg: heap overflow in parsing of JPEG2000 code blocks"
},
{
"cve": "CVE-2016-5160",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372228"
}
],
"notes": [
{
"category": "description",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: extensions web accessible resources bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5160"
},
{
"category": "external",
"summary": "RHBZ#1372228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5160"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: extensions web accessible resources bypass"
},
{
"cve": "CVE-2016-5161",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372221"
}
],
"notes": [
{
"category": "description",
"text": "The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: type confusion in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5161"
},
{
"category": "external",
"summary": "RHBZ#1372221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: type confusion in blink"
},
{
"cve": "CVE-2016-5162",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372222"
}
],
"notes": [
{
"category": "description",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: extensions web accessible resources bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5162"
},
{
"category": "external",
"summary": "RHBZ#1372222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5162",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5162"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: extensions web accessible resources bypass"
},
{
"cve": "CVE-2016-5163",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372223"
}
],
"notes": [
{
"category": "description",
"text": "The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5163"
},
{
"category": "external",
"summary": "RHBZ#1372223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372223"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5163",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5163"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: address bar spoofing"
},
{
"cve": "CVE-2016-5164",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372224"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss using devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5164"
},
{
"category": "external",
"summary": "RHBZ#1372224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5164",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5164"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: universal xss using devtools"
},
{
"cve": "CVE-2016-5165",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372225"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL\u0027s query string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: script injection in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5165"
},
{
"category": "external",
"summary": "RHBZ#1372225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5165",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5165"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: script injection in devtools"
},
{
"cve": "CVE-2016-5166",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372227"
}
],
"notes": [
{
"category": "description",
"text": "The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the \"Save page as\" menu choice.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: smb relay attack via save page as",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5166"
},
{
"category": "external",
"summary": "RHBZ#1372227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372227"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5166"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: smb relay attack via save page as"
},
{
"cve": "CVE-2016-5167",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372229"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5167"
},
{
"category": "external",
"summary": "RHBZ#1372229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.