RHSA-2016:2067

Vulnerability from csaf_redhat - Published: 2016-10-17 08:42 - Updated: 2025-11-21 17:57
Summary
Red Hat Security Advisory: chromium-browser security update
Severity
Important
Notes
Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 54.0.2840.59.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5194, CVE-2016-5186, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.

Vendor Fix: For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
https://access.redhat.com/errata/RHSA-2016:2067

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.

A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.

PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.

Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.

Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.

Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.

Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.

Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.

References
https://access.redhat.com/errata/RHSA-2016:2067 self
https://access.redhat.com/security/updates/classi… external
https://googlechromereleases.blogspot.com/2016/10… external
https://bugzilla.redhat.com/show_bug.cgi?id=1384347 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384348 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384349 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384350 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384352 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384354 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384355 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384357 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384358 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384360 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384361 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384362 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384364 external
https://bugzilla.redhat.com/show_bug.cgi?id=1384365 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2016-5181 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384347 external
https://www.cve.org/CVERecord?id=CVE-2016-5181 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5181 external
https://googlechromereleases.blogspot.com/2016/10… external
https://access.redhat.com/security/cve/CVE-2016-5182 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384348 external
https://www.cve.org/CVERecord?id=CVE-2016-5182 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5182 external
https://access.redhat.com/security/cve/CVE-2016-5183 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384349 external
https://www.cve.org/CVERecord?id=CVE-2016-5183 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5183 external
https://access.redhat.com/security/cve/CVE-2016-5184 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384350 external
https://www.cve.org/CVERecord?id=CVE-2016-5184 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5184 external
https://access.redhat.com/security/cve/CVE-2016-5185 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384352 external
https://www.cve.org/CVERecord?id=CVE-2016-5185 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5185 external
https://access.redhat.com/security/cve/CVE-2016-5186 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384360 external
https://www.cve.org/CVERecord?id=CVE-2016-5186 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5186 external
https://access.redhat.com/security/cve/CVE-2016-5187 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384354 external
https://www.cve.org/CVERecord?id=CVE-2016-5187 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5187 external
https://access.redhat.com/security/cve/CVE-2016-5188 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384355 external
https://www.cve.org/CVERecord?id=CVE-2016-5188 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5188 external
https://access.redhat.com/security/cve/CVE-2016-5189 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384358 external
https://www.cve.org/CVERecord?id=CVE-2016-5189 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5189 external
https://access.redhat.com/security/cve/CVE-2016-5190 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384362 external
https://www.cve.org/CVERecord?id=CVE-2016-5190 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5190 external
https://access.redhat.com/security/cve/CVE-2016-5191 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384361 external
https://www.cve.org/CVERecord?id=CVE-2016-5191 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5191 external
https://access.redhat.com/security/cve/CVE-2016-5192 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384357 external
https://www.cve.org/CVERecord?id=CVE-2016-5192 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5192 external
https://access.redhat.com/security/cve/CVE-2016-5193 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384364 external
https://www.cve.org/CVERecord?id=CVE-2016-5193 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5193 external
https://access.redhat.com/security/cve/CVE-2016-5194 self
https://bugzilla.redhat.com/show_bug.cgi?id=1384365 external
https://www.cve.org/CVERecord?id=CVE-2016-5194 external
https://nvd.nist.gov/vuln/detail/CVE-2016-5194 external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 54.0.2840.59.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5187, CVE-2016-5194, CVE-2016-5186, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:2067",
        "url": "https://access.redhat.com/errata/RHSA-2016:2067"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
        "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
      },
      {
        "category": "external",
        "summary": "1384347",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384347"
      },
      {
        "category": "external",
        "summary": "1384348",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384348"
      },
      {
        "category": "external",
        "summary": "1384349",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384349"
      },
      {
        "category": "external",
        "summary": "1384350",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384350"
      },
      {
        "category": "external",
        "summary": "1384352",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384352"
      },
      {
        "category": "external",
        "summary": "1384354",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384354"
      },
      {
        "category": "external",
        "summary": "1384355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384355"
      },
      {
        "category": "external",
        "summary": "1384357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384357"
      },
      {
        "category": "external",
        "summary": "1384358",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384358"
      },
      {
        "category": "external",
        "summary": "1384360",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384360"
      },
      {
        "category": "external",
        "summary": "1384361",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384361"
      },
      {
        "category": "external",
        "summary": "1384362",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384362"
      },
      {
        "category": "external",
        "summary": "1384364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384364"
      },
      {
        "category": "external",
        "summary": "1384365",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384365"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2067.json"
      }
    ],
    "title": "Red Hat Security Advisory: chromium-browser security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:57:52+00:00",
      "generator": {
        "date": "2025-11-21T17:57:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2016:2067",
      "initial_release_date": "2016-10-17T08:42:02+00:00",
      "revision_history": [
        {
          "date": "2016-10-17T08:42:02+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-10-17T08:42:02+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:57:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
                "product": {
                  "name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
                  "product_id": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser@54.0.2840.59-1.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
                "product": {
                  "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
                  "product_id": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@54.0.2840.59-1.el6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "chromium-browser-0:54.0.2840.59-1.el6.i686",
                "product": {
                  "name": "chromium-browser-0:54.0.2840.59-1.el6.i686",
                  "product_id": "chromium-browser-0:54.0.2840.59-1.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser@54.0.2840.59-1.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
                "product": {
                  "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
                  "product_id": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@54.0.2840.59-1.el6?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
        },
        "product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
        "relates_to_product_reference": "6Client-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
        "relates_to_product_reference": "6Client-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
        },
        "product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
        "relates_to_product_reference": "6Server-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
        "relates_to_product_reference": "6Server-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686"
        },
        "product_reference": "chromium-browser-0:54.0.2840.59-1.el6.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-0:54.0.2840.59-1.el6.x86_64",
        "relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686"
        },
        "product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        },
        "product_reference": "chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
        "relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-5181",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384347"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: universal xss in blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5181"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384347",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384347"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5181"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5181",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5181"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: universal xss in blink"
    },
    {
      "cve": "CVE-2016-5182",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384348"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: heap overflow in blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5182"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384348",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384348"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5182"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5182",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5182"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: heap overflow in blink"
    },
    {
      "cve": "CVE-2016-5183",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384349"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: use after free in pdfium",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5183"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384349",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384349"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5183"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5183",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5183"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: use after free in pdfium"
    },
    {
      "cve": "CVE-2016-5184",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384350"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: use after free in pdfium",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5184"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384350",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384350"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5184"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: use after free in pdfium"
    },
    {
      "cve": "CVE-2016-5185",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384352"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: use after free in blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5185"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384352",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384352"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5185",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5185"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5185",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5185"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: use after free in blink"
    },
    {
      "cve": "CVE-2016-5186",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384360"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: out of bounds read in devtools",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5186"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384360",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384360"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5186"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5186",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5186"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: out of bounds read in devtools"
    },
    {
      "cve": "CVE-2016-5187",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384354"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: url spoofing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5187"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384354",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384354"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5187"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5187",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5187"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: url spoofing"
    },
    {
      "cve": "CVE-2016-5188",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: ui spoofing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5188"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384355"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5188"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5188",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5188"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: ui spoofing"
    },
    {
      "cve": "CVE-2016-5189",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384358"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: url spoofing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5189"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384358",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384358"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5189"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: url spoofing"
    },
    {
      "cve": "CVE-2016-5190",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384362"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: use after free in internals",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5190"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384362",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384362"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5190"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5190",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5190"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: use after free in internals"
    },
    {
      "cve": "CVE-2016-5191",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384361"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: universal xss in bookmarks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5191"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384361",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384361"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5191",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5191"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5191",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5191"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: universal xss in bookmarks"
    },
    {
      "cve": "CVE-2016-5192",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384357"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: cross-origin bypass in blink",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5192"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384357",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384357"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5192"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "chromium-browser: cross-origin bypass in blink"
    },
    {
      "cve": "CVE-2016-5193",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: scheme bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5193"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5193"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "chromium-browser: scheme bypass"
    },
    {
      "cve": "CVE-2016-5194",
      "discovery_date": "2016-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384365"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "chromium-browser: various fixes from internal audits",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
          "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5194"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384365",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384365"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5194"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5194",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5194"
        },
        {
          "category": "external",
          "summary": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html",
          "url": "https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html"
        }
      ],
      "release_date": "2016-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-17T08:42:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
          "product_ids": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2067"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-0:54.0.2840.59-1.el6.x86_64",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.i686",
            "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:54.0.2840.59-1.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "chromium-browser: various fixes from internal audits"
    }
  ]
}

