Action not permitted
Modal body text goes here.
Modal Title
Modal Body
BDU:2018-01522
Vulnerability from fstec - Published: 09.12.2017
VLAI Severity ?
Title
Уязвимость компонента Download File Handler браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость компонента Download File Handler браузера Google Chrome существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код при помощи специально сформированного компонента Chrome Extension
Severity ?
Vendor
Red Hat Inc., Google Inc, Сообщество свободного программного обеспечения
Software Name
Red Hat Enterprise Linux, Google Chrome, Debian GNU/Linux
Software Version
Server 6 (Red Hat Enterprise Linux), Desktop 6 (Red Hat Enterprise Linux), Workstation 6 (Red Hat Enterprise Linux), до 64.0.3282.119 (Google Chrome), 8 (Debian GNU/Linux)
Possible Mitigations
Использование рекомендаций: https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
Reference
https://cxsecurity.com/cveshow/CVE-2018-6033/
http://www.securityfocus.com/bid/102797
http://www.securitytracker.com/id/1040282
https://access.redhat.com/errata/RHSA-2018:0265
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
https://crbug.com/793620
https://www.debian.org/security/2018/dsa-4103
https://nvd.nist.gov/vuln/detail/CVE-2018-6033
https://vuldb.com/?id.112562
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Google Inc, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "Server 6 (Red Hat Enterprise Linux), Desktop 6 (Red Hat Enterprise Linux), Workstation 6 (Red Hat Enterprise Linux), \u0434\u043e 64.0.3282.119 (Google Chrome), 8 (Debian GNU/Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.12.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.12.2018",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01522",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-6033, DSA-4103, RHSA-2018:0265",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Google Chrome, Debian GNU/Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Download File Handler \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Download File Handler \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Chrome Extension",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cxsecurity.com/cveshow/CVE-2018-6033/\nhttp://www.securityfocus.com/bid/102797\nhttp://www.securitytracker.com/id/1040282\nhttps://access.redhat.com/errata/RHSA-2018:0265\nhttps://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html\nhttps://crbug.com/793620\nhttps://www.debian.org/security/2018/dsa-4103\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6033\nhttps://vuldb.com/?id.112562",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
RHSA-2018:0265
Vulnerability from csaf_redhat - Published: 2018-02-01 16:06 - Updated: 2026-01-13 21:26Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Important
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 64.0.3282.119.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054)
* To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", this update reduces the precision of the timing data provided by the Date object and the performance.now() API, and the V8 JavaScript engine now uses masking of certain addresses and array or string indices.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
8.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
4.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2018:0265
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 64.0.3282.119.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054)\n\n* To mitigate timing-based side-channel attacks similar to \"Spectre\" and \"Meltdown\", this update reduces the precision of the timing data provided by the Date object and the performance.now() API, and the V8 JavaScript engine now uses masking of certain addresses and array or string indices.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:0265",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"category": "external",
"summary": "1538503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538503"
},
{
"category": "external",
"summary": "1538504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538504"
},
{
"category": "external",
"summary": "1538505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538505"
},
{
"category": "external",
"summary": "1538506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538506"
},
{
"category": "external",
"summary": "1538507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538507"
},
{
"category": "external",
"summary": "1538508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538508"
},
{
"category": "external",
"summary": "1538509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538509"
},
{
"category": "external",
"summary": "1538510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538510"
},
{
"category": "external",
"summary": "1538511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538511"
},
{
"category": "external",
"summary": "1538512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538512"
},
{
"category": "external",
"summary": "1538513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538513"
},
{
"category": "external",
"summary": "1538514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538514"
},
{
"category": "external",
"summary": "1538515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538515"
},
{
"category": "external",
"summary": "1538516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538516"
},
{
"category": "external",
"summary": "1538517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538517"
},
{
"category": "external",
"summary": "1538518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538518"
},
{
"category": "external",
"summary": "1538519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538519"
},
{
"category": "external",
"summary": "1538520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538520"
},
{
"category": "external",
"summary": "1538522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538522"
},
{
"category": "external",
"summary": "1538523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538523"
},
{
"category": "external",
"summary": "1538524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538524"
},
{
"category": "external",
"summary": "1538525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538525"
},
{
"category": "external",
"summary": "1538526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538526"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0265.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2026-01-13T21:26:51+00:00",
"generator": {
"date": "2026-01-13T21:26:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2018:0265",
"initial_release_date": "2018-02-01T16:06:57+00:00",
"revision_history": [
{
"date": "2018-02-01T16:06:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-02-01T16:06:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T21:26:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"product": {
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"product_id": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@64.0.3282.119-1.el6_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"product_id": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@64.0.3282.119-1.el6_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"product": {
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"product_id": "chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@64.0.3282.119-1.el6_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"product": {
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"product_id": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@64.0.3282.119-1.el6_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686"
},
"product_reference": "chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"relates_to_product_reference": "6Client-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64"
},
"product_reference": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686"
},
"product_reference": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"relates_to_product_reference": "6Client-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686"
},
"product_reference": "chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"relates_to_product_reference": "6Server-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64"
},
"product_reference": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686"
},
"product_reference": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"relates_to_product_reference": "6Server-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686"
},
"product_reference": "chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64"
},
"product_reference": "chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686"
},
"product_reference": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-6031",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538503"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in pdfium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6031"
},
{
"category": "external",
"summary": "RHBZ#1538503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6031"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: use after free in pdfium"
},
{
"cve": "CVE-2018-6032",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538504"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: same origin bypass in shared worker",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6032"
},
{
"category": "external",
"summary": "RHBZ#1538504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538504"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6032"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6032"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: same origin bypass in shared worker"
},
{
"cve": "CVE-2018-6033",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538505"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: race when opening downloaded files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6033"
},
{
"category": "external",
"summary": "RHBZ#1538505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6033"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: race when opening downloaded files"
},
{
"cve": "CVE-2018-6034",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538506"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: integer overflow in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6034"
},
{
"category": "external",
"summary": "RHBZ#1538506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538506"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6034"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: integer overflow in blink"
},
{
"cve": "CVE-2018-6035",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538507"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: insufficient isolation of devtools from extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6035"
},
{
"category": "external",
"summary": "RHBZ#1538507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6035"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: insufficient isolation of devtools from extensions"
},
{
"cve": "CVE-2018-6036",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538508"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: integer underflow in webassembly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6036"
},
{
"category": "external",
"summary": "RHBZ#1538508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538508"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6036",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6036"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: integer underflow in webassembly"
},
{
"cve": "CVE-2018-6037",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538509"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: insufficient user gesture requirements in autofill",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6037"
},
{
"category": "external",
"summary": "RHBZ#1538509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6037",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6037"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6037",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6037"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: insufficient user gesture requirements in autofill"
},
{
"cve": "CVE-2018-6038",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538510"
}
],
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: heap buffer overflow in webgl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6038"
},
{
"category": "external",
"summary": "RHBZ#1538510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538510"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6038",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6038"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6038",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6038"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: heap buffer overflow in webgl"
},
{
"cve": "CVE-2018-6039",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538511"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: xss in devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6039"
},
{
"category": "external",
"summary": "RHBZ#1538511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6039",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6039"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: xss in devtools"
},
{
"cve": "CVE-2018-6040",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538512"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: content security policy bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6040"
},
{
"category": "external",
"summary": "RHBZ#1538512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6040"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: content security policy bypass"
},
{
"cve": "CVE-2018-6041",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538513"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: url spoof in navigation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6041"
},
{
"category": "external",
"summary": "RHBZ#1538513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538513"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6041"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: url spoof in navigation"
},
{
"cve": "CVE-2018-6042",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538514"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: url spoof in omnibox",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6042"
},
{
"category": "external",
"summary": "RHBZ#1538514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538514"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6042"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: url spoof in omnibox"
},
{
"cve": "CVE-2018-6043",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538515"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: insufficient escaping with external url handlers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6043"
},
{
"category": "external",
"summary": "RHBZ#1538515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6043",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6043"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: insufficient escaping with external url handlers"
},
{
"cve": "CVE-2018-6045",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538516"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: insufficient isolation of devtools from extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6045"
},
{
"category": "external",
"summary": "RHBZ#1538516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538516"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6045",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6045"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6045",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6045"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: insufficient isolation of devtools from extensions"
},
{
"cve": "CVE-2018-6046",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538517"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: insufficient isolation of devtools from extensions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6046"
},
{
"category": "external",
"summary": "RHBZ#1538517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6046",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6046"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: insufficient isolation of devtools from extensions"
},
{
"cve": "CVE-2018-6047",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538518"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: cross origin url leak in webgl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6047"
},
{
"category": "external",
"summary": "RHBZ#1538518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6047",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6047"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: cross origin url leak in webgl"
},
{
"cve": "CVE-2018-6048",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538519"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: referrer policy bypass in blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6048"
},
{
"category": "external",
"summary": "RHBZ#1538519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6048",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6048"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: referrer policy bypass in blink"
},
{
"cve": "CVE-2018-6049",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538520"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: ui spoof in permissions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6049"
},
{
"category": "external",
"summary": "RHBZ#1538520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6049",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6049"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: ui spoof in permissions"
},
{
"cve": "CVE-2018-6050",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538522"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: url spoof in omnibox",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6050"
},
{
"category": "external",
"summary": "RHBZ#1538522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6050"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6050",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6050"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: url spoof in omnibox"
},
{
"cve": "CVE-2018-6051",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538523"
}
],
"notes": [
{
"category": "description",
"text": "XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: referrer leak in xss auditor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6051"
},
{
"category": "external",
"summary": "RHBZ#1538523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6051"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6051",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6051"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: referrer leak in xss auditor"
},
{
"cve": "CVE-2018-6052",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538524"
}
],
"notes": [
{
"category": "description",
"text": "Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: incomplete no-referrer policy implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6052"
},
{
"category": "external",
"summary": "RHBZ#1538524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6052"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6052"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: incomplete no-referrer policy implementation"
},
{
"cve": "CVE-2018-6053",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538525"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: leak of page thumbnails in new tab page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6053"
},
{
"category": "external",
"summary": "RHBZ#1538525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6053",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6053"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: leak of page thumbnails in new tab page"
},
{
"cve": "CVE-2018-6054",
"discovery_date": "2018-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1538526"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: use after free in webui",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6054"
},
{
"category": "external",
"summary": "RHBZ#1538526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6054",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6054"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6054",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6054"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
}
],
"release_date": "2018-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: use after free in webui"
},
{
"cve": "CVE-2018-6055",
"discovery_date": "2018-09-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1633393"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Insufficient policy enforcement in Catalog Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6055"
},
{
"category": "external",
"summary": "RHBZ#1633393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6055",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6055"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6055",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6055"
}
],
"release_date": "2018-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Insufficient policy enforcement in Catalog Service"
},
{
"cve": "CVE-2018-6119",
"discovery_date": "2018-09-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1633390"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Spoof of contents of the Omnibox (URL bar) via a crafted HTML page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-6119"
},
{
"category": "external",
"summary": "RHBZ#1633390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-6119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6119"
}
],
"release_date": "2018-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-02-01T16:06:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Client-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Server-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-0:64.0.3282.119-1.el6_9.x86_64",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.i686",
"6Workstation-Supplementary-6.9.z:chromium-browser-debuginfo-0:64.0.3282.119-1.el6_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Spoof of contents of the Omnibox (URL bar) via a crafted HTML page"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…