CVE-2016-5167 (GCVE-0-2016-5167)
Vulnerability from cvelistv5 – Published: 2016-09-11 10:00 – Updated: 2024-08-06 00:53- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/633585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/627355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/617648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/634394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/624213"
},
{
"name": "92717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/625575"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/619379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/627418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/624214"
},
{
"name": "openSUSE-SU-2016:2349",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/642598"
},
{
"name": "DSA-3660",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/637320"
},
{
"name": "RHSA-2016:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/634557"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/633585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/627355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/617648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/634394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/624213"
},
{
"name": "92717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/625575"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/619379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/627418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/624214"
},
{
"name": "openSUSE-SU-2016:2349",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/642598"
},
{
"name": "DSA-3660",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/637320"
},
{
"name": "RHSA-2016:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/634557"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/633585",
"refsource": "CONFIRM",
"url": "https://crbug.com/633585"
},
{
"name": "https://crbug.com/627355",
"refsource": "CONFIRM",
"url": "https://crbug.com/627355"
},
{
"name": "https://crbug.com/617648",
"refsource": "CONFIRM",
"url": "https://crbug.com/617648"
},
{
"name": "https://crbug.com/634394",
"refsource": "CONFIRM",
"url": "https://crbug.com/634394"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "https://crbug.com/624213",
"refsource": "CONFIRM",
"url": "https://crbug.com/624213"
},
{
"name": "92717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036729"
},
{
"name": "https://crbug.com/625575",
"refsource": "CONFIRM",
"url": "https://crbug.com/625575"
},
{
"name": "https://crbug.com/619379",
"refsource": "CONFIRM",
"url": "https://crbug.com/619379"
},
{
"name": "https://crbug.com/627418",
"refsource": "CONFIRM",
"url": "https://crbug.com/627418"
},
{
"name": "https://crbug.com/624214",
"refsource": "CONFIRM",
"url": "https://crbug.com/624214"
},
{
"name": "openSUSE-SU-2016:2349",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"name": "https://crbug.com/642598",
"refsource": "CONFIRM",
"url": "https://crbug.com/642598"
},
{
"name": "DSA-3660",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "https://crbug.com/637320",
"refsource": "CONFIRM",
"url": "https://crbug.com/637320"
},
{
"name": "RHSA-2016:1854",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"name": "https://crbug.com/634557",
"refsource": "CONFIRM",
"url": "https://crbug.com/634557"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5167",
"datePublished": "2016-09-11T10:00:00.000Z",
"dateReserved": "2016-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"52.0.2743.116\", \"matchCriteriaId\": \"2B9B1F3E-5ED5-490F-9AB5-B2065C2C99FF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux permiten a atacantes provocar una denegaci\\u00f3n de servicio o tener otro posible impacto no especificado a trav\\u00e9s de vectores desconocidos.\"}]",
"id": "CVE-2016-5167",
"lastModified": "2024-11-21T02:53:45.490",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-09-11T10:59:24.303",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1854.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3660\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/92717\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036729\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/617648\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/619379\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/624213\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/624214\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/625575\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/627355\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/627418\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/633585\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/634394\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/634557\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/637320\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/642598\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201610-09\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": 
\"http://rhn.redhat.com/errata/RHSA-2016-1854.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3660\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/92717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/617648\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/619379\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/624213\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/624214\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/625575\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/627355\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/627418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/633585\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/634394\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/634557\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/637320\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/642598\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201610-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-5167\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2016-09-11T10:59:24.303\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux permiten a atacantes provocar una denegaci\u00f3n de servicio o tener otro posible impacto no especificado a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",
\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"52.0.2743.116\",\"matchCriteriaId\":\"2B9B1F3E-5ED5-490F-9AB5-B2065C2C99FF\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1854.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3660\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/92717\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id/1036729\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/617648\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/619379\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/624213\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/624214\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/625575\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/627355\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/627418\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/633585\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/634394\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/634557\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/637320\",\"source\":\"chrome-cve-admin@g
oogle.com\"},{\"url\":\"https://crbug.com/642598\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201610-09\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1854.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3660\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/92717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/617648\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/619379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/624213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/624214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/625575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/627355\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/627418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/633585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/634394\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/634557\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/637320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/642598\",\"source\":\"af854a3a-2127-422b-91ae-364da26611
08\"},{\"url\":\"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201610-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2016-AVI-293
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 53.0.2785.92 pour Linux",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 53.0.2785.89 pour Windows et Mac",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5150",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5150"
},
{
"name": "CVE-2016-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5156"
},
{
"name": "CVE-2016-5162",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5162"
},
{
"name": "CVE-2016-5157",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5157"
},
{
"name": "CVE-2016-5164",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5164"
},
{
"name": "CVE-2016-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5147"
},
{
"name": "CVE-2016-5159",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5159"
},
{
"name": "CVE-2016-5167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5167"
},
{
"name": "CVE-2016-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5160"
},
{
"name": "CVE-2016-5158",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5158"
},
{
"name": "CVE-2016-5153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5153"
},
{
"name": "CVE-2016-5163",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5163"
},
{
"name": "CVE-2016-5151",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5151"
},
{
"name": "CVE-2016-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5161"
},
{
"name": "CVE-2016-5165",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5165"
},
{
"name": "CVE-2016-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5166"
},
{
"name": "CVE-2016-5154",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5154"
},
{
"name": "CVE-2016-5152",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5152"
},
{
"name": "CVE-2016-5148",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5148"
},
{
"name": "CVE-2016-5149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5149"
},
{
"name": "CVE-2016-5155",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5155"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-293",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un\ncontournement de la politique de s\u00e9curit\u00e9 et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 31 ao\u00fbt 2016",
"url": "http://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html"
}
]
}
CERTFR-2016-AVI-293
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 53.0.2785.92 pour Linux",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 53.0.2785.89 pour Windows et Mac",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5150",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5150"
},
{
"name": "CVE-2016-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5156"
},
{
"name": "CVE-2016-5162",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5162"
},
{
"name": "CVE-2016-5157",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5157"
},
{
"name": "CVE-2016-5164",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5164"
},
{
"name": "CVE-2016-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5147"
},
{
"name": "CVE-2016-5159",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5159"
},
{
"name": "CVE-2016-5167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5167"
},
{
"name": "CVE-2016-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5160"
},
{
"name": "CVE-2016-5158",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5158"
},
{
"name": "CVE-2016-5153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5153"
},
{
"name": "CVE-2016-5163",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5163"
},
{
"name": "CVE-2016-5151",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5151"
},
{
"name": "CVE-2016-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5161"
},
{
"name": "CVE-2016-5165",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5165"
},
{
"name": "CVE-2016-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5166"
},
{
"name": "CVE-2016-5154",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5154"
},
{
"name": "CVE-2016-5152",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5152"
},
{
"name": "CVE-2016-5148",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5148"
},
{
"name": "CVE-2016-5149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5149"
},
{
"name": "CVE-2016-5155",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5155"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-293",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un\ncontournement de la politique de s\u00e9curit\u00e9 et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 31 ao\u00fbt 2016",
"url": "http://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html"
}
]
}
RHSA-2016:1854
Vulnerability from csaf_redhat - Published: 2016-09-12 19:39 - Updated: 2025-11-21 17:57
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution.
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution.
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.89.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:1854",
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"category": "external",
"summary": "1372207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372207"
},
{
"category": "external",
"summary": "1372208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372208"
},
{
"category": "external",
"summary": "1372209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372209"
},
{
"category": "external",
"summary": "1372210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372210"
},
{
"category": "external",
"summary": "1372212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372212"
},
{
"category": "external",
"summary": "1372213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372213"
},
{
"category": "external",
"summary": "1372214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372214"
},
{
"category": "external",
"summary": "1372215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372215"
},
{
"category": "external",
"summary": "1372216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372216"
},
{
"category": "external",
"summary": "1372217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372217"
},
{
"category": "external",
"summary": "1372218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372218"
},
{
"category": "external",
"summary": "1372219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372219"
},
{
"category": "external",
"summary": "1372220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372220"
},
{
"category": "external",
"summary": "1372221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372221"
},
{
"category": "external",
"summary": "1372222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372222"
},
{
"category": "external",
"summary": "1372223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372223"
},
{
"category": "external",
"summary": "1372224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372224"
},
{
"category": "external",
"summary": "1372225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372225"
},
{
"category": "external",
"summary": "1372227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372227"
},
{
"category": "external",
"summary": "1372228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372228"
},
{
"category": "external",
"summary": "1372229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372229"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1854.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2025-11-21T17:57:31+00:00",
"generator": {
"date": "2025-11-21T17:57:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2016:1854",
"initial_release_date": "2016-09-12T19:39:33+00:00",
"revision_history": [
{
"date": "2016-09-12T19:39:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-09-12T19:39:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:57:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product_id": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.89-3.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product_id": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.89-3.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product_id": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.89-3.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.89-3.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5147",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372207"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5147"
},
{
"category": "external",
"summary": "RHBZ#1372207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5147"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5148",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372208"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5148"
},
{
"category": "external",
"summary": "RHBZ#1372208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5148",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5148"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5149",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372209"
}
],
"notes": [
{
"category": "description",
"text": "The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: script injection in extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5149"
},
{
"category": "external",
"summary": "RHBZ#1372209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5149"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: script injection in extensions"
},
{
"cve": "CVE-2016-5150",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372210"
}
],
"notes": [
{
"category": "description",
"text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5150"
},
{
"category": "external",
"summary": "RHBZ#1372210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5150",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5150"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in blink"
},
{
"cve": "CVE-2016-5151",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372212"
}
],
"notes": [
{
"category": "description",
"text": "PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5151"
},
{
"category": "external",
"summary": "RHBZ#1372212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5151",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5151"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2016-5152",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372213"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "RHBZ#1372213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372213"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5152",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5152"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5153",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372214"
}
],
"notes": [
{
"category": "description",
"text": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after destruction in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5153"
},
{
"category": "external",
"summary": "RHBZ#1372214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5153"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after destruction in blink"
},
{
"cve": "CVE-2016-5154",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372215"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5154"
},
{
"category": "external",
"summary": "RHBZ#1372215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372215"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5154",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5154"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5155",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372216"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5155"
},
{
"category": "external",
"summary": "RHBZ#1372216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5155",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5155"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: address bar spoofing"
},
{
"cve": "CVE-2016-5156",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372217"
}
],
"notes": [
{
"category": "description",
"text": "extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in event bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5156"
},
{
"category": "external",
"summary": "RHBZ#1372217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5156"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in event bindings"
},
{
"cve": "CVE-2016-5157",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372218"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5157"
},
{
"category": "external",
"summary": "RHBZ#1372218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5157",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5157"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5158",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372219"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap overflow due to unsafe use of opj_aligned_malloc",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "RHBZ#1372219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5158",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5158"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjpeg: heap overflow due to unsafe use of opj_aligned_malloc"
},
{
"cve": "CVE-2016-5159",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372220"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap overflow in parsing of JPEG2000 code blocks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5159"
},
{
"category": "external",
"summary": "RHBZ#1372220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5159",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5159"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjpeg: heap overflow in parsing of JPEG2000 code blocks"
},
{
"cve": "CVE-2016-5160",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372228"
}
],
"notes": [
{
"category": "description",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: extensions web accessible resources bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5160"
},
{
"category": "external",
"summary": "RHBZ#1372228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5160"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: extensions web accessible resources bypass"
},
{
"cve": "CVE-2016-5161",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372221"
}
],
"notes": [
{
"category": "description",
"text": "The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: type confusion in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5161"
},
{
"category": "external",
"summary": "RHBZ#1372221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: type confusion in blink"
},
{
"cve": "CVE-2016-5162",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372222"
}
],
"notes": [
{
"category": "description",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: extensions web accessible resources bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5162"
},
{
"category": "external",
"summary": "RHBZ#1372222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5162",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5162"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: extensions web accessible resources bypass"
},
{
"cve": "CVE-2016-5163",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372223"
}
],
"notes": [
{
"category": "description",
"text": "The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5163"
},
{
"category": "external",
"summary": "RHBZ#1372223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372223"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5163",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5163"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: address bar spoofing"
},
{
"cve": "CVE-2016-5164",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372224"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss using devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5164"
},
{
"category": "external",
"summary": "RHBZ#1372224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5164",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5164"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: universal xss using devtools"
},
{
"cve": "CVE-2016-5165",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372225"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL\u0027s query string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: script injection in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5165"
},
{
"category": "external",
"summary": "RHBZ#1372225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5165",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5165"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: script injection in devtools"
},
{
"cve": "CVE-2016-5166",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372227"
}
],
"notes": [
{
"category": "description",
"text": "The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the \"Save page as\" menu choice.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: smb relay attack via save page as",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5166"
},
{
"category": "external",
"summary": "RHBZ#1372227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372227"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5166"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: smb relay attack via save page as"
},
{
"cve": "CVE-2016-5167",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372229"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5167"
},
{
"category": "external",
"summary": "RHBZ#1372229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
}
]
}
RHSA-2016_1854
Vulnerability from csaf_redhat - Published: 2016-09-12 19:39 - Updated: 2024-11-14 20:48
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution.
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution.
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.89.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:1854",
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"category": "external",
"summary": "1372207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372207"
},
{
"category": "external",
"summary": "1372208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372208"
},
{
"category": "external",
"summary": "1372209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372209"
},
{
"category": "external",
"summary": "1372210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372210"
},
{
"category": "external",
"summary": "1372212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372212"
},
{
"category": "external",
"summary": "1372213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372213"
},
{
"category": "external",
"summary": "1372214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372214"
},
{
"category": "external",
"summary": "1372215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372215"
},
{
"category": "external",
"summary": "1372216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372216"
},
{
"category": "external",
"summary": "1372217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372217"
},
{
"category": "external",
"summary": "1372218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372218"
},
{
"category": "external",
"summary": "1372219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372219"
},
{
"category": "external",
"summary": "1372220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372220"
},
{
"category": "external",
"summary": "1372221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372221"
},
{
"category": "external",
"summary": "1372222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372222"
},
{
"category": "external",
"summary": "1372223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372223"
},
{
"category": "external",
"summary": "1372224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372224"
},
{
"category": "external",
"summary": "1372225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372225"
},
{
"category": "external",
"summary": "1372227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372227"
},
{
"category": "external",
"summary": "1372228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372228"
},
{
"category": "external",
"summary": "1372229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372229"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1854.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T20:48:08+00:00",
"generator": {
"date": "2024-11-14T20:48:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2016:1854",
"initial_release_date": "2016-09-12T19:39:33+00:00",
"revision_history": [
{
"date": "2016-09-12T19:39:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-09-12T19:39:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T20:48:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product_id": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.89-3.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product_id": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.89-3.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product_id": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.89-3.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product_id": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.89-3.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5147",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372207"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5147"
},
{
"category": "external",
"summary": "RHBZ#1372207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5147",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5147"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5147",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5147"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5148",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372208"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5148"
},
{
"category": "external",
"summary": "RHBZ#1372208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5148",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5148"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: universal xss in blink"
},
{
"cve": "CVE-2016-5149",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372209"
}
],
"notes": [
{
"category": "description",
"text": "The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: script injection in extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5149"
},
{
"category": "external",
"summary": "RHBZ#1372209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5149",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5149"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: script injection in extensions"
},
{
"cve": "CVE-2016-5150",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372210"
}
],
"notes": [
{
"category": "description",
"text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5150"
},
{
"category": "external",
"summary": "RHBZ#1372210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5150",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5150"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in blink"
},
{
"cve": "CVE-2016-5151",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372212"
}
],
"notes": [
{
"category": "description",
"text": "PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5151"
},
{
"category": "external",
"summary": "RHBZ#1372212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5151",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5151"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2016-5152",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372213"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "RHBZ#1372213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372213"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5152",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5152"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5153",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372214"
}
],
"notes": [
{
"category": "description",
"text": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after destruction in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5153"
},
{
"category": "external",
"summary": "RHBZ#1372214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5153",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5153"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after destruction in blink"
},
{
"cve": "CVE-2016-5154",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372215"
}
],
"notes": [
{
"category": "description",
"text": "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5154"
},
{
"category": "external",
"summary": "RHBZ#1372215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372215"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5154",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5154"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5155",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372216"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5155"
},
{
"category": "external",
"summary": "RHBZ#1372216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5155",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5155"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: address bar spoofing"
},
{
"cve": "CVE-2016-5156",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372217"
}
],
"notes": [
{
"category": "description",
"text": "extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in event bindings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5156"
},
{
"category": "external",
"summary": "RHBZ#1372217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5156"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in event bindings"
},
{
"cve": "CVE-2016-5157",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372218"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap overflow in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5157"
},
{
"category": "external",
"summary": "RHBZ#1372218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5157",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5157"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: heap overflow in pdfium"
},
{
"cve": "CVE-2016-5158",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372219"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap overflow due to unsafe use of opj_aligned_malloc",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "RHBZ#1372219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5158",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5158"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjpeg: heap overflow due to unsafe use of opj_aligned_malloc"
},
{
"cve": "CVE-2016-5159",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372220"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: heap overflow in parsing of JPEG2000 code blocks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5159"
},
{
"category": "external",
"summary": "RHBZ#1372220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5159",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5159"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjpeg: heap overflow in parsing of JPEG2000 code blocks"
},
{
"cve": "CVE-2016-5160",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372228"
}
],
"notes": [
{
"category": "description",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: extensions web accessible resources bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5160"
},
{
"category": "external",
"summary": "RHBZ#1372228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5160"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: extensions web accessible resources bypass"
},
{
"cve": "CVE-2016-5161",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372221"
}
],
"notes": [
{
"category": "description",
"text": "The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: type confusion in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5161"
},
{
"category": "external",
"summary": "RHBZ#1372221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5161"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: type confusion in blink"
},
{
"cve": "CVE-2016-5162",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372222"
}
],
"notes": [
{
"category": "description",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: extensions web accessible resources bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5162"
},
{
"category": "external",
"summary": "RHBZ#1372222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5162",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5162"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: extensions web accessible resources bypass"
},
{
"cve": "CVE-2016-5163",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372223"
}
],
"notes": [
{
"category": "description",
"text": "The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: address bar spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5163"
},
{
"category": "external",
"summary": "RHBZ#1372223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372223"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5163",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5163"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: address bar spoofing"
},
{
"cve": "CVE-2016-5164",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372224"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: universal xss using devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5164"
},
{
"category": "external",
"summary": "RHBZ#1372224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5164",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5164"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: universal xss using devtools"
},
{
"cve": "CVE-2016-5165",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372225"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: script injection in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5165"
},
{
"category": "external",
"summary": "RHBZ#1372225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5165",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5165"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: script injection in devtools"
},
{
"cve": "CVE-2016-5166",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372227"
}
],
"notes": [
{
"category": "description",
"text": "The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the \"Save page as\" menu choice.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: smb relay attack via save page as",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5166"
},
{
"category": "external",
"summary": "RHBZ#1372227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372227"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5166",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5166"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: smb relay attack via save page as"
},
{
"cve": "CVE-2016-5167",
"discovery_date": "2016-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1372229"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: various fixes from internal audits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5167"
},
{
"category": "external",
"summary": "RHBZ#1372229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372229"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-09-12T19:39:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1854"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.89-3.el6.x86_64",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.i686",
"6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.89-3.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: various fixes from internal audits"
}
]
}
FKIE_CVE-2016-5167
Vulnerability from fkie_nvd - Published: 2016-09-11 10:59 - Updated: 2025-04-12 10:46

| Source | URL | Tags | |
|---|---|---|---|
| chrome-cve-admin@google.com | http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html | ||
| chrome-cve-admin@google.com | http://rhn.redhat.com/errata/RHSA-2016-1854.html | ||
| chrome-cve-admin@google.com | http://www.debian.org/security/2016/dsa-3660 | ||
| chrome-cve-admin@google.com | http://www.securityfocus.com/bid/92717 | ||
| chrome-cve-admin@google.com | http://www.securitytracker.com/id/1036729 | ||
| chrome-cve-admin@google.com | https://crbug.com/617648 | ||
| chrome-cve-admin@google.com | https://crbug.com/619379 | ||
| chrome-cve-admin@google.com | https://crbug.com/624213 | ||
| chrome-cve-admin@google.com | https://crbug.com/624214 | ||
| chrome-cve-admin@google.com | https://crbug.com/625575 | ||
| chrome-cve-admin@google.com | https://crbug.com/627355 | ||
| chrome-cve-admin@google.com | https://crbug.com/627418 | ||
| chrome-cve-admin@google.com | https://crbug.com/633585 | ||
| chrome-cve-admin@google.com | https://crbug.com/634394 | ||
| chrome-cve-admin@google.com | https://crbug.com/634557 | ||
| chrome-cve-admin@google.com | https://crbug.com/637320 | ||
| chrome-cve-admin@google.com | https://crbug.com/642598 | ||
| chrome-cve-admin@google.com | https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html | ||
| chrome-cve-admin@google.com | https://security.gentoo.org/glsa/201610-09 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1854.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3660 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92717 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036729 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/617648 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/619379 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/624213 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/624214 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/625575 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/627355 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/627418 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/633585 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/634394 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/634557 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/637320 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crbug.com/642598 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201610-09 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B1F3E-5ED5-490F-9AB5-B2065C2C99FF",
"versionEndIncluding": "52.0.2743.116",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux permiten a atacantes provocar una denegaci\u00f3n de servicio o tener otro posible impacto no especificado a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-5167",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-11T10:59:24.303",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/92717"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1036729"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/617648"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/619379"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/624213"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/624214"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/625575"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/627355"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/627418"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/633585"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/634394"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/634557"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/637320"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/642598"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/617648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/619379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/624213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/624214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/625575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/627355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/627418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/633585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/634394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/634557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/637320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/642598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201610-09"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2016-5167
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2016-5167",
"description": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"id": "GSD-2016-5167",
"references": [
"https://www.suse.com/security/cve/CVE-2016-5167.html",
"https://www.debian.org/security/2016/dsa-3660",
"https://access.redhat.com/errata/RHSA-2016:1854",
"https://ubuntu.com/security/CVE-2016-5167",
"https://advisories.mageia.org/CVE-2016-5167.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-5167"
],
"details": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"id": "GSD-2016-5167",
"modified": "2023-12-13T01:21:25.557911Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/633585",
"refsource": "CONFIRM",
"url": "https://crbug.com/633585"
},
{
"name": "https://crbug.com/627355",
"refsource": "CONFIRM",
"url": "https://crbug.com/627355"
},
{
"name": "https://crbug.com/617648",
"refsource": "CONFIRM",
"url": "https://crbug.com/617648"
},
{
"name": "https://crbug.com/634394",
"refsource": "CONFIRM",
"url": "https://crbug.com/634394"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "https://crbug.com/624213",
"refsource": "CONFIRM",
"url": "https://crbug.com/624213"
},
{
"name": "92717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036729"
},
{
"name": "https://crbug.com/625575",
"refsource": "CONFIRM",
"url": "https://crbug.com/625575"
},
{
"name": "https://crbug.com/619379",
"refsource": "CONFIRM",
"url": "https://crbug.com/619379"
},
{
"name": "https://crbug.com/627418",
"refsource": "CONFIRM",
"url": "https://crbug.com/627418"
},
{
"name": "https://crbug.com/624214",
"refsource": "CONFIRM",
"url": "https://crbug.com/624214"
},
{
"name": "openSUSE-SU-2016:2349",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"name": "https://crbug.com/642598",
"refsource": "CONFIRM",
"url": "https://crbug.com/642598"
},
{
"name": "DSA-3660",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "https://crbug.com/637320",
"refsource": "CONFIRM",
"url": "https://crbug.com/637320"
},
{
"name": "RHSA-2016:1854",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"name": "https://crbug.com/634557",
"refsource": "CONFIRM",
"url": "https://crbug.com/634557"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "52.0.2743.116",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5167"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/634394",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/634394"
},
{
"name": "https://crbug.com/637320",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/637320"
},
{
"name": "https://crbug.com/634557",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/634557"
},
{
"name": "https://crbug.com/617648",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/617648"
},
{
"name": "https://crbug.com/625575",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/625575"
},
{
"name": "https://crbug.com/633585",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/633585"
},
{
"name": "https://crbug.com/642598",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://crbug.com/642598"
},
{
"name": "https://crbug.com/624214",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/624214"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "https://crbug.com/627418",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/627418"
},
{
"name": "https://crbug.com/627355",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/627355"
},
{
"name": "https://crbug.com/619379",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/619379"
},
{
"name": "https://crbug.com/624213",
"refsource": "CONFIRM",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/624213"
},
{
"name": "openSUSE-SU-2016:2349",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"name": "DSA-3660",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "92717",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "RHSA-2016:1854",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "1036729",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1036729"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-10-30T16:27Z",
"publishedDate": "2016-09-11T10:59Z"
}
}
}
GHSA-XJ65-C785-82WR
Vulnerability from github – Published: 2022-05-14 02:12 – Updated: 2022-05-14 02:12

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2016-5167"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-11T10:59:00Z",
"severity": "HIGH"
},
"details": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"id": "GHSA-xj65-c785-82wr",
"modified": "2022-05-14T02:12:20Z",
"published": "2022-05-14T02:12:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5167"
},
{
"type": "WEB",
"url": "https://crbug.com/617648"
},
{
"type": "WEB",
"url": "https://crbug.com/619379"
},
{
"type": "WEB",
"url": "https://crbug.com/624213"
},
{
"type": "WEB",
"url": "https://crbug.com/624214"
},
{
"type": "WEB",
"url": "https://crbug.com/625575"
},
{
"type": "WEB",
"url": "https://crbug.com/627355"
},
{
"type": "WEB",
"url": "https://crbug.com/627418"
},
{
"type": "WEB",
"url": "https://crbug.com/633585"
},
{
"type": "WEB",
"url": "https://crbug.com/634394"
},
{
"type": "WEB",
"url": "https://crbug.com/634557"
},
{
"type": "WEB",
"url": "https://crbug.com/637320"
},
{
"type": "WEB",
"url": "https://crbug.com/642598"
},
{
"type": "WEB",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92717"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036729"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2016-07195
Vulnerability from cnvd - Published: 2016-09-05

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://googlechromereleases.blogspot.in/2016/08/stable-channel-update-for-desktop_31.html
| Name | Google Chrome <53.0.2785.89 |
|---|---|
{
"bids": {
"bid": {
"bidNumber": "92717"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-5167"
}
},
"description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome Extensions 53.0.2785.89\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\uff0c\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Max Justicz, GiWan Go of Stealien, Atte Kettunen of OUSPG, jinmo123, 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro\u0027s Zero Day Initiative, Nicolas Golubovic, Rafay Baloch PTCL Etisalat, Gregory Panakkal, @l33terally of FogMarks.com.",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://googlechromereleases.blogspot.in/2016/08/stable-channel-update-for-desktop_31.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-07195",
"openTime": "2016-09-05",
"patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome Extensions 53.0.2785.89\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\uff0c\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2016-07195\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c53.0.2785.89"
},
"referenceLink": "http://www.securityfocus.com/bid/92717",
"serverity": "\u9ad8",
"submitTime": "2016-09-05",
"title": "Google Chrome\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2016-07195\uff09"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.