Vulnerability-Lookup

RHSA-2018:3803

Vulnerability from csaf_redhat - Published: 2018-12-10 10:34 - Updated: 2026-01-13 22:32

Summary

Red Hat Security Advisory: chromium-browser security update

Severity

Important

Notes

Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 71.0.3578.80. Security Fix(es): * chromium-browser: Out of bounds write in V8 (CVE-2018-17480) * chromium-browser: Use after frees in PDFium (CVE-2018-17481) * chromium-browser: Heap buffer overflow in Skia (CVE-2018-18335) * chromium-browser: Use after free in PDFium (CVE-2018-18336) * chromium-browser: Use after free in Blink (CVE-2018-18337) * chromium-browser: Heap buffer overflow in Canvas (CVE-2018-18338) * chromium-browser: Use after free in WebAudio (CVE-2018-18339) * chromium-browser: Use after free in MediaRecorder (CVE-2018-18340) * chromium-browser: Heap buffer overflow in Blink (CVE-2018-18341) * chromium-browser: Out of bounds write in V8 (CVE-2018-18342) * chromium-browser: Use after free in Skia (CVE-2018-18343) * chromium-browser: Inappropriate implementation in Extensions (CVE-2018-18344) * chromium-browser: Inappropriate implementation in Site Isolation (CVE-2018-18345) * chromium-browser: Incorrect security UI in Blink (CVE-2018-18346) * chromium-browser: Inappropriate implementation in Navigation (CVE-2018-18347) * chromium-browser: Inappropriate implementation in Omnibox (CVE-2018-18348) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18349) * chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18350) * chromium-browser: Insufficient policy enforcement in Navigation (CVE-2018-18351) * chromium-browser: Inappropriate implementation in Media (CVE-2018-18352) * chromium-browser: Inappropriate implementation in Network Authentication (CVE-2018-18353) * chromium-browser: Insufficient data validation in Shell Integration (CVE-2018-18354) * chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18355) * chromium-browser: Use after free in Skia (CVE-2018-18356) * chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18357) * chromium-browser: Insufficient policy enforcement in Proxy (CVE-2018-18358) * chromium-browser: Out of bounds read in V8 (CVE-2018-18359) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2018-17480

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

CVE-2018-17481

Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18335

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18336

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18337

Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18338

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18339

Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18340

Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18341

An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18342

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18343

Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18344

Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18345

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18346

Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18347

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18348

Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18350

Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18352

Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18354

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18355

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18356

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-18357

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-18359

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686	—	Vendor Fix fix
Unresolved product id: 6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

References

143 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:3803	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656547	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656548	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656549	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656550	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656551	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656552	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656553	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656554	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656555	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656556	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656557	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656558	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656559	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656560	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656561	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656562	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656563	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656564	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656565	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656566	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656567	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656568	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656569	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656570	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656571	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656572	external
https://bugzilla.redhat.com/show_bug.cgi?id=1656573	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-17480	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656547	external
https://www.cve.org/CVERecord?id=CVE-2018-17480	external
https://nvd.nist.gov/vuln/detail/CVE-2018-17480	external
https://chromereleases.googleblog.com/2018/12/sta…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external
https://access.redhat.com/security/cve/CVE-2018-17481	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656548	external
https://www.cve.org/CVERecord?id=CVE-2018-17481	external
https://nvd.nist.gov/vuln/detail/CVE-2018-17481	external
https://access.redhat.com/security/cve/CVE-2018-18335	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656549	external
https://www.cve.org/CVERecord?id=CVE-2018-18335	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18335	external
https://access.redhat.com/security/cve/CVE-2018-18336	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656550	external
https://www.cve.org/CVERecord?id=CVE-2018-18336	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18336	external
https://access.redhat.com/security/cve/CVE-2018-18337	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656551	external
https://www.cve.org/CVERecord?id=CVE-2018-18337	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18337	external
https://access.redhat.com/security/cve/CVE-2018-18338	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656552	external
https://www.cve.org/CVERecord?id=CVE-2018-18338	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18338	external
https://access.redhat.com/security/cve/CVE-2018-18339	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656553	external
https://www.cve.org/CVERecord?id=CVE-2018-18339	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18339	external
https://access.redhat.com/security/cve/CVE-2018-18340	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656554	external
https://www.cve.org/CVERecord?id=CVE-2018-18340	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18340	external
https://access.redhat.com/security/cve/CVE-2018-18341	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656555	external
https://www.cve.org/CVERecord?id=CVE-2018-18341	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18341	external
https://access.redhat.com/security/cve/CVE-2018-18342	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656556	external
https://www.cve.org/CVERecord?id=CVE-2018-18342	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18342	external
https://access.redhat.com/security/cve/CVE-2018-18343	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656557	external
https://www.cve.org/CVERecord?id=CVE-2018-18343	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18343	external
https://access.redhat.com/security/cve/CVE-2018-18344	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656558	external
https://www.cve.org/CVERecord?id=CVE-2018-18344	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18344	external
https://access.redhat.com/security/cve/CVE-2018-18345	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656559	external
https://www.cve.org/CVERecord?id=CVE-2018-18345	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18345	external
https://access.redhat.com/security/cve/CVE-2018-18346	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656560	external
https://www.cve.org/CVERecord?id=CVE-2018-18346	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18346	external
https://access.redhat.com/security/cve/CVE-2018-18347	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656561	external
https://www.cve.org/CVERecord?id=CVE-2018-18347	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18347	external
https://access.redhat.com/security/cve/CVE-2018-18348	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656562	external
https://www.cve.org/CVERecord?id=CVE-2018-18348	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18348	external
https://access.redhat.com/security/cve/CVE-2018-18349	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656563	external
https://www.cve.org/CVERecord?id=CVE-2018-18349	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18349	external
https://access.redhat.com/security/cve/CVE-2018-18350	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656564	external
https://www.cve.org/CVERecord?id=CVE-2018-18350	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18350	external
https://access.redhat.com/security/cve/CVE-2018-18351	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656565	external
https://www.cve.org/CVERecord?id=CVE-2018-18351	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18351	external
https://access.redhat.com/security/cve/CVE-2018-18352	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656566	external
https://www.cve.org/CVERecord?id=CVE-2018-18352	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18352	external
https://access.redhat.com/security/cve/CVE-2018-18353	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656567	external
https://www.cve.org/CVERecord?id=CVE-2018-18353	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18353	external
https://access.redhat.com/security/cve/CVE-2018-18354	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656568	external
https://www.cve.org/CVERecord?id=CVE-2018-18354	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18354	external
https://access.redhat.com/security/cve/CVE-2018-18355	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656569	external
https://www.cve.org/CVERecord?id=CVE-2018-18355	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18355	external
https://access.redhat.com/security/cve/CVE-2018-18356	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656570	external
https://www.cve.org/CVERecord?id=CVE-2018-18356	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18356	external
https://www.mozilla.org/en-US/security/advisories…	external
https://www.mozilla.org/en-US/security/advisories…	external
https://www.mozilla.org/en-US/security/advisories…	external
https://access.redhat.com/security/cve/CVE-2018-18357	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656571	external
https://www.cve.org/CVERecord?id=CVE-2018-18357	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18357	external
https://access.redhat.com/security/cve/CVE-2018-18358	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656572	external
https://www.cve.org/CVERecord?id=CVE-2018-18358	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18358	external
https://access.redhat.com/security/cve/CVE-2018-18359	self
https://bugzilla.redhat.com/show_bug.cgi?id=1656573	external
https://www.cve.org/CVERecord?id=CVE-2018-18359	external
https://nvd.nist.gov/vuln/detail/CVE-2018-18359	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 71.0.3578.80.\n\nSecurity Fix(es):\n\n* chromium-browser: Out of bounds write in V8 (CVE-2018-17480)\n\n* chromium-browser: Use after frees in PDFium (CVE-2018-17481)\n\n* chromium-browser: Heap buffer overflow in Skia (CVE-2018-18335)\n\n* chromium-browser: Use after free in PDFium (CVE-2018-18336)\n\n* chromium-browser: Use after free in Blink (CVE-2018-18337)\n\n* chromium-browser: Heap buffer overflow in Canvas (CVE-2018-18338)\n\n* chromium-browser: Use after free in WebAudio (CVE-2018-18339)\n\n* chromium-browser: Use after free in MediaRecorder (CVE-2018-18340)\n\n* chromium-browser: Heap buffer overflow in Blink (CVE-2018-18341)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2018-18342)\n\n* chromium-browser: Use after free in Skia (CVE-2018-18343)\n\n* chromium-browser: Inappropriate implementation in Extensions (CVE-2018-18344)\n\n* chromium-browser: Inappropriate implementation in Site Isolation (CVE-2018-18345)\n\n* chromium-browser: Incorrect security UI in Blink (CVE-2018-18346)\n\n* chromium-browser: Inappropriate implementation in Navigation (CVE-2018-18347)\n\n* chromium-browser: Inappropriate implementation in Omnibox (CVE-2018-18348)\n\n* chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18349)\n\n* chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18350)\n\n* chromium-browser: Insufficient policy enforcement in Navigation (CVE-2018-18351)\n\n* chromium-browser: Inappropriate implementation in Media (CVE-2018-18352)\n\n* chromium-browser: Inappropriate implementation in Network Authentication (CVE-2018-18353)\n\n* chromium-browser: Insufficient data validation in Shell Integration (CVE-2018-18354)\n\n* chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18355)\n\n* chromium-browser: Use after free in Skia (CVE-2018-18356)\n\n* chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18357)\n\n* chromium-browser: Insufficient policy enforcement in Proxy (CVE-2018-18358)\n\n* chromium-browser: Out of bounds read in V8 (CVE-2018-18359)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3803",
        "url": "https://access.redhat.com/errata/RHSA-2018:3803"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1656547",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656547"
      },
      {
        "category": "external",
        "summary": "1656548",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656548"
      },
      {
        "category": "external",
        "summary": "1656549",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656549"
      },
      {
        "category": "external",
        "summary": "1656550",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656550"
      },
      {
        "category": "external",
        "summary": "1656551",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656551"
      },
      {
        "category": "external",
        "summary": "1656552",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656552"
      },
      {
        "category": "external",
        "summary": "1656553",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656553"
      },
      {
        "category": "external",
        "summary": "1656554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656554"
      },
      {
        "category": "external",
        "summary": "1656555",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656555"
      },
      {
        "category": "external",
        "summary": "1656556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656556"
      },
      {
        "category": "external",
        "summary": "1656557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656557"
      },
      {
        "category": "external",
        "summary": "1656558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656558"
      },
      {
        "category": "external",
        "summary": "1656559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656559"
      },
      {
        "category": "external",
        "summary": "1656560",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656560"
      },
      {
        "category": "external",
        "summary": "1656561",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656561"
      },
      {
        "category": "external",
        "summary": "1656562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656562"
      },
      {
        "category": "external",
        "summary": "1656563",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656563"
      },
      {
        "category": "external",
        "summary": "1656564",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656564"
      },
      {
        "category": "external",
        "summary": "1656565",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656565"
      },
      {
        "category": "external",
        "summary": "1656566",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656566"
      },
      {
        "category": "external",
        "summary": "1656567",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656567"
      },
      {
        "category": "external",
        "summary": "1656568",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656568"
      },
      {
        "category": "external",
        "summary": "1656569",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656569"
      },
      {
        "category": "external",
        "summary": "1656570",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656570"
      },
      {
        "category": "external",
        "summary": "1656571",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656571"
      },
      {
        "category": "external",
        "summary": "1656572",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656572"
      },
      {
        "category": "external",
        "summary": "1656573",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656573"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3803.json"
      }
    ],
    "title": "Red Hat Security Advisory: chromium-browser security update",
    "tracking": {
      "current_release_date": "2026-01-13T22:32:47+00:00",
      "generator": {
        "date": "2026-01-13T22:32:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2018:3803",
      "initial_release_date": "2018-12-10T10:34:01+00:00",
      "revision_history": [
        {
          "date": "2018-12-10T10:34:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-12-10T10:34:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-13T22:32:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
                "product": {
                  "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
                  "product_id": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@71.0.3578.80-1.el6_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
                "product": {
                  "name": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
                  "product_id": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser@71.0.3578.80-1.el6_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
                "product": {
                  "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
                  "product_id": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@71.0.3578.80-1.el6_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "chromium-browser-0:71.0.3578.80-1.el6_10.i686",
                "product": {
                  "name": "chromium-browser-0:71.0.3578.80-1.el6_10.i686",
                  "product_id": "chromium-browser-0:71.0.3578.80-1.el6_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser@71.0.3578.80-1.el6_10?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:71.0.3578.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-0:71.0.3578.80-1.el6_10.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
        "relates_to_product_reference": "6Client-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
        "relates_to_product_reference": "6Client-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:71.0.3578.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-0:71.0.3578.80-1.el6_10.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
        "relates_to_product_reference": "6Server-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
        "relates_to_product_reference": "6Server-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:71.0.3578.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-0:71.0.3578.80-1.el6_10.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
        "relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
        "relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-17480",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656547"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Out of bounds write in V8",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-17480"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656547",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656547"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17480"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17480",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17480"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-06-08T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "cve": "CVE-2018-17481",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656548"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after frees in PDFium",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-17481"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656548",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656548"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17481",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17481"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17481",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17481"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after frees in PDFium"
    },
    {
      "cve": "CVE-2018-18335",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656549"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Heap buffer overflow in Skia",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18335"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656549",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656549"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18335",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18335"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18335",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18335"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Heap buffer overflow in Skia"
    },
    {
      "cve": "CVE-2018-18336",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656550"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after free in PDFium",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18336"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656550",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656550"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18336",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18336"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18336",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18336"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "cve": "CVE-2018-18337",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656551"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after free in Blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18337"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656551",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656551"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18337"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18337",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18337"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after free in Blink"
    },
    {
      "cve": "CVE-2018-18338",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656552"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Heap buffer overflow in Canvas",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18338"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656552",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656552"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18338"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18338",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18338"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Heap buffer overflow in Canvas"
    },
    {
      "cve": "CVE-2018-18339",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656553"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after free in WebAudio",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18339"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656553",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656553"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18339"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18339",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18339"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after free in WebAudio"
    },
    {
      "cve": "CVE-2018-18340",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656554"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after free in MediaRecorder",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18340"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656554",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656554"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18340"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18340",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18340"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after free in MediaRecorder"
    },
    {
      "cve": "CVE-2018-18341",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656555"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Heap buffer overflow in Blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18341"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656555",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656555"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18341",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18341"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18341",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18341"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Heap buffer overflow in Blink"
    },
    {
      "cve": "CVE-2018-18342",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Out of bounds write in V8",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18342"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18342",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18342"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18342",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18342"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "cve": "CVE-2018-18343",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656557"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Use after free in Skia",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18343"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656557",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656557"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18343"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18343",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18343"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "cve": "CVE-2018-18344",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656558"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Inappropriate implementation in Extensions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18344"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656558",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656558"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18344",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18344"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18344",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18344"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: Inappropriate implementation in Extensions"
    },
    {
      "cve": "CVE-2018-18345",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Inappropriate implementation in Site Isolation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18345"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18345"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18345",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18345"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Inappropriate implementation in Site Isolation"
    },
    {
      "cve": "CVE-2018-18346",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656560"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Incorrect security UI in Blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18346"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656560",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656560"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18346",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18346"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18346",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18346"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Incorrect security UI in Blink"
    },
    {
      "cve": "CVE-2018-18347",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656561"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Inappropriate implementation in Navigation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18347"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656561",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656561"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18347",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18347"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18347",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18347"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Inappropriate implementation in Navigation"
    },
    {
      "cve": "CVE-2018-18348",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656562"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Inappropriate implementation in Omnibox",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18348"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656562",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656562"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18348",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18348"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18348",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18348"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Inappropriate implementation in Omnibox"
    },
    {
      "cve": "CVE-2018-18349",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656563"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Insufficient policy enforcement in Blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18349"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656563",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656563"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18349"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Insufficient policy enforcement in Blink"
    },
    {
      "cve": "CVE-2018-18350",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656564"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Insufficient policy enforcement in Blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18350"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656564",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656564"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18350"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18350",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18350"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Insufficient policy enforcement in Blink"
    },
    {
      "cve": "CVE-2018-18351",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656565"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Insufficient policy enforcement in Navigation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18351"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656565",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656565"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18351"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18351",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18351"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Insufficient policy enforcement in Navigation"
    },
    {
      "cve": "CVE-2018-18352",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656566"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Inappropriate implementation in Media",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18352"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656566",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656566"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18352"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18352",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18352"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "cve": "CVE-2018-18353",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656567"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Inappropriate implementation in Network Authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18353"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656567",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656567"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18353",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18353"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18353",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18353"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Inappropriate implementation in Network Authentication"
    },
    {
      "cve": "CVE-2018-18354",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656568"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Insufficient data validation in Shell Integration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18354"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656568",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656568"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18354",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18354"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18354",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18354"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Insufficient data validation in Shell Integration"
    },
    {
      "cve": "CVE-2018-18355",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656569"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Insufficient policy enforcement in URL Formatter",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18355"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656569",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656569"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18355",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18355"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18355",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18355"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Insufficient policy enforcement in URL Formatter"
    },
    {
      "cve": "CVE-2018-18356",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656570"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mozilla: Use after free in Skia",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18356"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656570",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656570"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18356",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18356"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18356",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18356"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18356",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18356"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mozilla: Use after free in Skia"
    },
    {
      "cve": "CVE-2018-18357",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656571"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Insufficient policy enforcement in URL Formatter",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18357"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656571",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656571"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18357",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18357"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18357",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18357"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Insufficient policy enforcement in URL Formatter"
    },
    {
      "cve": "CVE-2018-18358",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656572"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Insufficient policy enforcement in Proxy",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18358"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656572",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656572"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18358"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Insufficient policy enforcement in Proxy"
    },
    {
      "cve": "CVE-2018-18359",
      "discovery_date": "2018-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1656573"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: Out of bounds read in V8",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
          "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-18359"
        },
        {
          "category": "external",
          "summary": "RHBZ#1656573",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656573"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18359",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18359"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18359",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18359"
        },
        {
          "category": "external",
          "summary": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2018-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-12-10T10:34:01+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-0:71.0.3578.80-1.el6_10.x86_64",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.i686",
            "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:71.0.3578.80-1.el6_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: Out of bounds read in V8"
    }
  ]
}

CVE-2018-18338 (GCVE-0-2018-18338)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Heap buffer overflow

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/890576	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/890576"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/890576"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18338",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/890576",
              "refsource": "MISC",
              "url": "https://crbug.com/890576"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18338",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18345 (GCVE-0-2018-18345)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Inappropriate implementation

Assigner

Chrome

References

6 references

URL	Tags
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://crbug.com/886976	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.446Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/886976"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/886976"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Inappropriate implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/886976",
              "refsource": "MISC",
              "url": "https://crbug.com/886976"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18345",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18353 (GCVE-0-2018-18353)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Inappropriate implementation

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/884179	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/884179"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/884179"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18353",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Inappropriate implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/884179",
              "refsource": "MISC",
              "url": "https://crbug.com/884179"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18353",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18340 (GCVE-0-2018-18340)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/896736	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.482Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/896736"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/896736"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/896736",
              "refsource": "MISC",
              "url": "https://crbug.com/896736"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18340",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18342 (GCVE-0-2018-18342)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Out of bounds write

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/906313	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/906313"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/906313"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18342",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out of bounds write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/906313",
              "refsource": "MISC",
              "url": "https://crbug.com/906313"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18342",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18358 (GCVE-0-2018-18358)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/899126	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/899126"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/899126"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18358",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/899126",
              "refsource": "MISC",
              "url": "https://crbug.com/899126"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18358",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18352 (GCVE-0-2018-18352)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Inappropriate implementation

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/849942	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/849942"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/849942"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18352",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Inappropriate implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/849942",
              "refsource": "MISC",
              "url": "https://crbug.com/849942"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18352",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-17480 (GCVE-0-2018-17480)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2025-10-21 23:45

Summary

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Out of bounds write

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/905940	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:47:04.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/905940"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-17480",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T17:16:06.991096Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-06-08",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:46.405Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-06-08T00:00:00.000Z",
            "value": "CVE-2018-17480 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/905940"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-17480",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out of bounds write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/905940",
              "refsource": "MISC",
              "url": "https://crbug.com/905940"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-17480",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-09-25T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:46.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18346 (GCVE-0-2018-18346)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Incorrect security UI

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/606104	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/606104"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect security UI",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/606104"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18346",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect security UI"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/606104",
              "refsource": "MISC",
              "url": "https://crbug.com/606104"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18346",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18343 (GCVE-0-2018-18343)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/882423	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/882423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:07.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/882423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18343",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/882423",
              "refsource": "MISC",
              "url": "https://crbug.com/882423"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18343",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18341 (GCVE-0-2018-18341)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Heap buffer overflow

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/901030	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/901030"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/901030"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/901030",
              "refsource": "MISC",
              "url": "https://crbug.com/901030"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18341",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18344 (GCVE-0-2018-18344)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Inappropriate implementation

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/866426	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/866426"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/866426"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18344",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Inappropriate implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/866426",
              "refsource": "MISC",
              "url": "https://crbug.com/866426"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18344",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18337 (GCVE-0-2018-18337)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/886753	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/886753"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/886753"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/886753",
              "refsource": "MISC",
              "url": "https://crbug.com/886753"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18337",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18348 (GCVE-0-2018-18348)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Inappropriate implementation

Assigner

Chrome

References

6 references

URL	Tags
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://crbug.com/881659	x_refsource_MISC
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/881659"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/881659"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18348",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Inappropriate implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "https://crbug.com/881659",
              "refsource": "MISC",
              "url": "https://crbug.com/881659"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18348",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18350 (GCVE-0-2018-18350)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/799747	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/799747"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:07.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/799747"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18350",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/799747",
              "refsource": "MISC",
              "url": "https://crbug.com/799747"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18350",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18339 (GCVE-0-2018-18339)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

6 references

URL	Tags
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://crbug.com/891187	x_refsource_MISC
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/891187"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/891187"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18339",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "https://crbug.com/891187",
              "refsource": "MISC",
              "url": "https://crbug.com/891187"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18339",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18336 (GCVE-0-2018-18336)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

6 references

URL	Tags
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://crbug.com/898531	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/898531"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/898531"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/898531",
              "refsource": "MISC",
              "url": "https://crbug.com/898531"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18336",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18347 (GCVE-0-2018-18347)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Inappropriate implementation

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/850824	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/850824"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:07.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/850824"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18347",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Inappropriate implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/850824",
              "refsource": "MISC",
              "url": "https://crbug.com/850824"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18347",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18335 (GCVE-0-2018-18335)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Heap buffer overflow

Assigner

Chrome

References

8 references

URL	Tags
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://crbug.com/895362	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201904-07	vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/895362"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201904-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201904-07"
          },
          {
            "name": "openSUSE-SU-2019:1162",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/895362"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201904-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201904-07"
        },
        {
          "name": "openSUSE-SU-2019:1162",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/895362",
              "refsource": "MISC",
              "url": "https://crbug.com/895362"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201904-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201904-07"
            },
            {
              "name": "openSUSE-SU-2019:1162",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18335",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-17481 (GCVE-0-2018-17481)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 10:47

Summary

Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

8 references

URL	Tags
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://www.debian.org/security/2019/dsa-4395	vendor-advisoryx_refsource_DEBIAN
https://crbug.com/901654	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.98 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:47:04.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
          },
          {
            "name": "DSA-4395",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4395"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/901654"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.98",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
        },
        {
          "name": "DSA-4395",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4395"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/901654"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-17481",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.98"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
            },
            {
              "name": "DSA-4395",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4395"
            },
            {
              "name": "https://crbug.com/901654",
              "refsource": "MISC",
              "url": "https://crbug.com/901654"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-17481",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-09-25T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:47:04.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18359 (GCVE-0-2018-18359)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Out of bounds read

Assigner

Chrome

References

6 references

URL	Tags
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://crbug.com/907714	x_refsource_MISC
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/907714"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:08.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/907714"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18359",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out of bounds read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "https://crbug.com/907714",
              "refsource": "MISC",
              "url": "https://crbug.com/907714"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18359",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18356 (GCVE-0-2018-18356)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

18 references

URL	Tags
https://access.redhat.com/errata/RHSA-2019:0373	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3897-1/	vendor-advisoryx_refsource_UBUNTU
https://crbug.com/883666	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/201903-04	vendor-advisoryx_refsource_GENTOO
https://usn.ubuntu.com/3896-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:0374	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4391	vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4392	vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201904-07	vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:1144	vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0373",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0373"
          },
          {
            "name": "USN-3897-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3897-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/883666"
          },
          {
            "name": "[debian-lts-announce] 20190215 [SECURITY] [DLA 1677-1] firefox-esr security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html"
          },
          {
            "name": "GLSA-201903-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-04"
          },
          {
            "name": "USN-3896-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3896-1/"
          },
          {
            "name": "[debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2019:0374",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0374"
          },
          {
            "name": "DSA-4391",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4391"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4392",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4392"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201904-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201904-07"
          },
          {
            "name": "openSUSE-SU-2019:1162",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
          },
          {
            "name": "RHSA-2019:1144",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1144"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "RHSA-2019:0373",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0373"
        },
        {
          "name": "USN-3897-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3897-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/883666"
        },
        {
          "name": "[debian-lts-announce] 20190215 [SECURITY] [DLA 1677-1] firefox-esr security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html"
        },
        {
          "name": "GLSA-201903-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-04"
        },
        {
          "name": "USN-3896-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3896-1/"
        },
        {
          "name": "[debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2019:0374",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0374"
        },
        {
          "name": "DSA-4391",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4391"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4392",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4392"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201904-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201904-07"
        },
        {
          "name": "openSUSE-SU-2019:1162",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
        },
        {
          "name": "RHSA-2019:1144",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1144"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0373",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0373"
            },
            {
              "name": "USN-3897-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3897-1/"
            },
            {
              "name": "https://crbug.com/883666",
              "refsource": "MISC",
              "url": "https://crbug.com/883666"
            },
            {
              "name": "[debian-lts-announce] 20190215 [SECURITY] [DLA 1677-1] firefox-esr security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html"
            },
            {
              "name": "GLSA-201903-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-04"
            },
            {
              "name": "USN-3896-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3896-1/"
            },
            {
              "name": "[debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2019:0374",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0374"
            },
            {
              "name": "DSA-4391",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4391"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4392",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4392"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201904-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201904-07"
            },
            {
              "name": "openSUSE-SU-2019:1162",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
            },
            {
              "name": "RHSA-2019:1144",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1144"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18356",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18357 (GCVE-0-2018-18357)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/895207	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/895207"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/895207"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/895207",
              "refsource": "MISC",
              "url": "https://crbug.com/895207"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18357",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18354 (GCVE-0-2018-18354)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Insufficient data validation

Assigner

Chrome

References

6 references

URL	Tags
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://crbug.com/889459	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/889459"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient data validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/889459"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18354",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient data validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://crbug.com/889459",
              "refsource": "MISC",
              "url": "https://crbug.com/889459"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18354",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18355 (GCVE-0-2018-18355)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/896717	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.459Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/896717"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/896717"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/896717",
              "refsource": "MISC",
              "url": "https://crbug.com/896717"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18355",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18349 (GCVE-0-2018-18349)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/894399	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/894399"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/894399"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/894399",
              "refsource": "MISC",
              "url": "https://crbug.com/894399"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18349",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18351 (GCVE-0-2018-18351)

Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 11:08

Summary

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

6 references

URL	Tags
https://crbug.com/833847	x_refsource_MISC
https://chromereleases.googleblog.com/2018/12/sta…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3803	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4352	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/106084	vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201908-18	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 71.0.3578.80 (custom)

Date Public ?

2018-12-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:21.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/833847"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
          },
          {
            "name": "RHSA-2018:3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3803"
          },
          {
            "name": "DSA-4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4352"
          },
          {
            "name": "106084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106084"
          },
          {
            "name": "GLSA-201908-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "71.0.3578.80",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-17T20:06:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/833847"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
        },
        {
          "name": "RHSA-2018:3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3803"
        },
        {
          "name": "DSA-4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4352"
        },
        {
          "name": "106084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106084"
        },
        {
          "name": "GLSA-201908-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2018-18351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "71.0.3578.80"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/833847",
              "refsource": "MISC",
              "url": "https://crbug.com/833847"
            },
            {
              "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
              "refsource": "CONFIRM",
              "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "RHSA-2018:3803",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3803"
            },
            {
              "name": "DSA-4352",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4352"
            },
            {
              "name": "106084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106084"
            },
            {
              "name": "GLSA-201908-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2018-18351",
    "datePublished": "2018-12-11T15:00:00.000Z",
    "dateReserved": "2018-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:08:21.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2018:3803

CVE-2018-18338 (GCVE-0-2018-18338)

CVE-2018-18345 (GCVE-0-2018-18345)

CVE-2018-18353 (GCVE-0-2018-18353)

CVE-2018-18340 (GCVE-0-2018-18340)

CVE-2018-18342 (GCVE-0-2018-18342)

CVE-2018-18358 (GCVE-0-2018-18358)

CVE-2018-18352 (GCVE-0-2018-18352)

CVE-2018-17480 (GCVE-0-2018-17480)

CVE-2018-18346 (GCVE-0-2018-18346)

CVE-2018-18343 (GCVE-0-2018-18343)

CVE-2018-18341 (GCVE-0-2018-18341)

CVE-2018-18344 (GCVE-0-2018-18344)

CVE-2018-18337 (GCVE-0-2018-18337)

CVE-2018-18348 (GCVE-0-2018-18348)

CVE-2018-18350 (GCVE-0-2018-18350)

CVE-2018-18339 (GCVE-0-2018-18339)

CVE-2018-18336 (GCVE-0-2018-18336)

CVE-2018-18347 (GCVE-0-2018-18347)

CVE-2018-18335 (GCVE-0-2018-18335)

CVE-2018-17481 (GCVE-0-2018-17481)

CVE-2018-18359 (GCVE-0-2018-18359)

CVE-2018-18356 (GCVE-0-2018-18356)

CVE-2018-18357 (GCVE-0-2018-18357)

CVE-2018-18354 (GCVE-0-2018-18354)

CVE-2018-18355 (GCVE-0-2018-18355)

CVE-2018-18349 (GCVE-0-2018-18349)

CVE-2018-18351 (GCVE-0-2018-18351)

Tags

Sightings

Nomenclature