rhsa-2017:2997
Vulnerability from csaf_redhat
Published: 2017-10-20 08:39
Modified: 2024-11-14 23:38
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 62.0.3202.62.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5130, CVE-2017-5132, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 62.0.3202.62.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5130, CVE-2017-5132, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:2997", url: "https://access.redhat.com/errata/RHSA-2017:2997", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, { category: "external", summary: "1503530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503530", }, { category: "external", summary: "1503531", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503531", }, { category: "external", summary: "1503532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503532", }, { category: "external", summary: "1503533", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503533", }, { category: "external", summary: "1503534", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503534", }, { category: "external", summary: "1503535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503535", }, { category: "external", summary: "1503536", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503536", }, { category: "external", summary: "1503537", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503537", }, { category: "external", summary: "1503538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503538", }, { category: "external", summary: "1503539", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503539", }, 
{ category: "external", summary: "1503540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503540", }, { category: "external", summary: "1503542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503542", }, { category: "external", summary: "1503543", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503543", }, { category: "external", summary: "1503544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503544", }, { category: "external", summary: "1503545", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503545", }, { category: "external", summary: "1503546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503546", }, { category: "external", summary: "1503547", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503547", }, { category: "external", summary: "1503548", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503548", }, { category: "external", summary: "1503549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503549", }, { category: "external", summary: "1503550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503550", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2997.json", }, ], title: "Red Hat Security Advisory: chromium-browser security update", tracking: { current_release_date: "2024-11-14T23:38:10+00:00", generator: { date: "2024-11-14T23:38:10+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:2997", initial_release_date: "2017-10-20T08:39:11+00:00", revision_history: [ { date: "2017-10-20T08:39:11+00:00", number: "1", summary: "Initial version", }, { date: "2017-10-20T08:39:11+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T23:38:10+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop Supplementary (v. 
6)", product: { name: "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", product_id: "6Client-Supplementary-6.9.z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_extras:6", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Supplementary (v. 6)", product: { name: "Red Hat Enterprise Linux Server Supplementary (v. 6)", product_id: "6Server-Supplementary-6.9.z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_extras:6", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", product_id: "6Workstation-Supplementary-6.9.z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_extras:6", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux Supplementary", }, { branches: [ { category: "product_version", name: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", product: { name: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", product_id: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/chromium-browser@62.0.3202.62-2.el6_9?arch=x86_64", }, }, }, { category: "product_version", name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", product: { name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", product_id: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/chromium-browser-debuginfo@62.0.3202.62-2.el6_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "chromium-browser-0:62.0.3202.62-2.el6_9.i686", product: { name: "chromium-browser-0:62.0.3202.62-2.el6_9.i686", product_id: "chromium-browser-0:62.0.3202.62-2.el6_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/chromium-browser@62.0.3202.62-2.el6_9?arch=i686", }, }, }, { category: "product_version", 
name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", product: { name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", product_id: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/chromium-browser-debuginfo@62.0.3202.62-2.el6_9?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "chromium-browser-0:62.0.3202.62-2.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", product_id: "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", }, product_reference: "chromium-browser-0:62.0.3202.62-2.el6_9.i686", relates_to_product_reference: "6Client-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", product_id: "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", }, product_reference: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", relates_to_product_reference: "6Client-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", product_id: "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", }, product_reference: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", relates_to_product_reference: "6Client-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 
6)", product_id: "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", }, product_reference: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", relates_to_product_reference: "6Client-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-0:62.0.3202.62-2.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", product_id: "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", }, product_reference: "chromium-browser-0:62.0.3202.62-2.el6_9.i686", relates_to_product_reference: "6Server-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", product_id: "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", }, product_reference: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", relates_to_product_reference: "6Server-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", product_id: "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", }, product_reference: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", relates_to_product_reference: "6Server-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 
6)", product_id: "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", }, product_reference: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", relates_to_product_reference: "6Server-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-0:62.0.3202.62-2.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", product_id: "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", }, product_reference: "chromium-browser-0:62.0.3202.62-2.el6_9.i686", relates_to_product_reference: "6Workstation-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", product_id: "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", }, product_reference: "chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", relates_to_product_reference: "6Workstation-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", product_id: "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", }, product_reference: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", relates_to_product_reference: "6Workstation-Supplementary-6.9.z", }, { category: "default_component_of", full_product_name: { name: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", product_id: "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", }, product_reference: "chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", relates_to_product_reference: "6Workstation-Supplementary-6.9.z", }, ], }, vulnerabilities: [ { cve: "CVE-2017-5124", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503530", }, ], notes: [ { category: "description", text: "Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: uxss with mhtml", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5124", }, { category: "external", summary: "RHBZ#1503530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5124", url: "https://www.cve.org/CVERecord?id=CVE-2017-5124", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5124", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5124", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chromium-browser: uxss with mhtml", }, { cve: "CVE-2017-5125", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503531", }, ], 
notes: [ { category: "description", text: "Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: heap overflow in skia", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5125", }, { category: "external", summary: "RHBZ#1503531", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503531", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5125", url: 
"https://www.cve.org/CVERecord?id=CVE-2017-5125", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5125", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5125", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chromium-browser: heap overflow in skia", }, { cve: "CVE-2017-5126", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503532", }, ], notes: [ { category: "description", text: "A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: use after free in pdfium", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect 
the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5126", }, { category: "external", summary: "RHBZ#1503532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503532", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5126", url: "https://www.cve.org/CVERecord?id=CVE-2017-5126", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5126", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5126", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", 
remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chromium-browser: use after free in pdfium", }, { cve: "CVE-2017-5127", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503533", }, ], notes: [ { category: "description", text: "Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: use after free in pdfium", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5127", }, { category: "external", summary: "RHBZ#1503533", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503533", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5127", url: "https://www.cve.org/CVERecord?id=CVE-2017-5127", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5127", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5127", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chromium-browser: use after free in pdfium", }, { cve: "CVE-2017-5128", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503534", }, ], notes: [ { category: "description", text: "Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: heap overflow in webgl", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5128", }, { category: "external", summary: "RHBZ#1503534", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503534", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5128", url: "https://www.cve.org/CVERecord?id=CVE-2017-5128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5128", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5128", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chromium-browser: heap overflow in webgl", }, { cve: "CVE-2017-5129", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503535", }, ], notes: [ { category: "description", text: "A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: use after free in webaudio", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5129", }, { category: "external", summary: "RHBZ#1503535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503535", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5129", url: "https://www.cve.org/CVERecord?id=CVE-2017-5129", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5129", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5129", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chromium-browser: use after free in webaudio", }, { cve: "CVE-2017-5130", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: 
"1503537", }, ], notes: [ { category: "description", text: "A heap overflow flaw was found in the libxml2 library. An application compiled with libxml2 using the vulnerable debug-only function xmlMemoryStrdup could be used by an attacker to crash the application or execute arbitrary code with the permission of the user running the application.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: heap overflow in libxml2", title: "Vulnerability summary", }, { category: "other", text: "This issue does not affect the libxml library shipped with Red Hat Enterprise Linux because the affected code xmlMemoryStrdup() is a debug-only function that should never be called in production builds. The only exception is xmllint when invoked with --maxmem. The same issue applies to the other two affected functions namely xmlMallocLoc and xmlReallocLoc.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5130", }, { category: "external", summary: "RHBZ#1503537", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503537", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5130", url: "https://www.cve.org/CVERecord?id=CVE-2017-5130", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5130", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5130", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: 
"chromium-browser: heap overflow in libxml2", }, { cve: "CVE-2017-5131", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503538", }, ], notes: [ { category: "description", text: "An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: out of bounds write in skia", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5131", }, 
{ category: "external", summary: "RHBZ#1503538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503538", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5131", url: "https://www.cve.org/CVERecord?id=CVE-2017-5131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5131", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5131", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "chromium-browser: out of bounds write in skia", }, { cve: "CVE-2017-5132", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503536", }, ], notes: [ { category: "description", text: "Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially 
exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: incorrect stack manipulation in webassembly", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5132", }, { category: "external", summary: "RHBZ#1503536", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503536", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5132", url: "https://www.cve.org/CVERecord?id=CVE-2017-5132", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-5132", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5132", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", 
integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "chromium-browser: incorrect stack manipulation in webassembly", }, { cve: "CVE-2017-5133", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503539", }, ], notes: [ { category: "description", text: "Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: out of bounds write in skia", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated 
product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5133", }, { category: "external", summary: "RHBZ#1503539", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503539", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5133", url: "https://www.cve.org/CVERecord?id=CVE-2017-5133", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5133", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5133", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "chromium-browser: out of bounds write in skia", }, { cve: "CVE-2017-15386", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503540", }, ], notes: [ { category: "description", text: "Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: ui spoofing in blink", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15386", }, { category: "external", summary: "RHBZ#1503540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503540", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15386", url: "https://www.cve.org/CVERecord?id=CVE-2017-15386", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15386", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15386", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ 
"6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "chromium-browser: ui spoofing in blink", }, { cve: "CVE-2017-15387", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503542", }, ], notes: [ { category: "description", text: "Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: content security bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15387", }, { category: "external", summary: "RHBZ#1503542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503542", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15387", url: "https://www.cve.org/CVERecord?id=CVE-2017-15387", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15387", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15387", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "chromium-browser: content security bypass", }, { cve: "CVE-2017-15388", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503543", }, ], notes: [ { category: "description", text: "Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: out of bounds read in skia", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15388", }, { category: "external", summary: "RHBZ#1503543", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503543", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15388", url: "https://www.cve.org/CVERecord?id=CVE-2017-15388", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15388", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15388", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "chromium-browser: out of bounds read in skia", }, { cve: "CVE-2017-15389", discovery_date: 
"2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503544", }, ], notes: [ { category: "description", text: "An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: url spoofing in omnibox", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15389", }, { category: "external", summary: "RHBZ#1503544", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1503544", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15389", url: "https://www.cve.org/CVERecord?id=CVE-2017-15389", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15389", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15389", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, 
url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "chromium-browser: url spoofing in omnibox", }, { cve: "CVE-2017-15390", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503545", }, ], notes: [ { category: "description", text: "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.", title: "Vulnerability description", }, { category: "summary", text: 
"chromium-browser: url spoofing in omnibox", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15390", }, { category: "external", summary: "RHBZ#1503545", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503545", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15390", url: "https://www.cve.org/CVERecord?id=CVE-2017-15390", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15390", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15390", }, { category: "external", summary: 
"https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "chromium-browser: url spoofing in omnibox", }, { cve: "CVE-2017-15391", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503546", }, ], notes: [ { category: "description", text: "Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: extension limitation bypass in extensions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score 
applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15391", }, { category: "external", summary: "RHBZ#1503546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503546", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15391", url: "https://www.cve.org/CVERecord?id=CVE-2017-15391", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15391", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15391", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes 
described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "chromium-browser: extension limitation bypass in extensions", }, { cve: "CVE-2017-15392", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503547", }, ], notes: [ { category: "description", text: "Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: incorrect registry key handling in platformintegration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15392", }, { category: "external", summary: "RHBZ#1503547", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503547", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15392", url: "https://www.cve.org/CVERecord?id=CVE-2017-15392", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15392", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15392", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", 
"6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "chromium-browser: incorrect registry key handling in platformintegration", }, { cve: "CVE-2017-15393", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503548", }, ], notes: [ { category: "description", text: "Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: referrer leak in devtools", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15393", }, { category: "external", summary: "RHBZ#1503548", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503548", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15393", url: "https://www.cve.org/CVERecord?id=CVE-2017-15393", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15393", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15393", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", 
"6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "chromium-browser: referrer leak in devtools", }, { cve: "CVE-2017-15394", discovery_date: "2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503549", }, ], notes: [ { category: "description", text: "Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: url spoofing in extensions ui", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15394", }, { category: "external", summary: "RHBZ#1503549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1503549", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15394", url: "https://www.cve.org/CVERecord?id=CVE-2017-15394", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15394", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15394", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", 
"6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "chromium-browser: url spoofing in extensions ui", }, { cve: "CVE-2017-15395", discovery_date: 
"2017-10-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1503550", }, ], notes: [ { category: "description", text: "A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.", title: "Vulnerability description", }, { category: "summary", text: "chromium-browser: null pointer dereference in imagecapture", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-15395", }, { category: "external", summary: "RHBZ#1503550", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1503550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-15395", url: "https://www.cve.org/CVERecord?id=CVE-2017-15395", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-15395", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-15395", }, { category: "external", summary: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", url: "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", }, ], release_date: "2017-10-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-10-20T08:39:11+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", product_ids: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], restart_required: { category: "none", }, 
url: "https://access.redhat.com/errata/RHSA-2017:2997", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-0:62.0.3202.62-2.el6_9.x86_64", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.i686", "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:62.0.3202.62-2.el6_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "chromium-browser: null pointer dereference in imagecapture", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.