Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-1248
Vulnerability from cvelistv5
Published
2015-04-19 10:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:16.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
},
{
"name": "DSA-3238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3238"
},
{
"name": "openSUSE-SU-2015:1887",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
},
{
"name": "GLSA-201506-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201506-04"
},
{
"name": "1032209",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032209"
},
{
"name": "openSUSE-SU-2015:0748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=380663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "RHSA-2015:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
},
{
"name": "DSA-3238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3238"
},
{
"name": "openSUSE-SU-2015:1887",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
},
{
"name": "GLSA-201506-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201506-04"
},
{
"name": "1032209",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032209"
},
{
"name": "openSUSE-SU-2015:0748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/chromium/issues/detail?id=380663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0816",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
},
{
"name": "DSA-3238",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3238"
},
{
"name": "openSUSE-SU-2015:1887",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
},
{
"name": "GLSA-201506-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201506-04"
},
{
"name": "1032209",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032209"
},
{
"name": "openSUSE-SU-2015:0748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=380663",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=380663"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2015-1248",
"datePublished": "2015-04-19T10:00:00",
"dateReserved": "2015-01-21T00:00:00",
"dateUpdated": "2024-08-06T04:40:16.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-1248\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2015-04-19T10:59:11.443\",\"lastModified\":\"2024-11-21T02:24:59.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.\"},{\"lang\":\"es\",\"value\":\"La API FileSystem en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos evadir el mecanismo de protecci\u00f3n de la navegaci\u00f3n segura para ficheros ejecutables (SafeBrowsing for Executable Files) mediante la creaci\u00f3n de un fichero .exe en un sistema de ficheros temporal y posteriormente hacer referencia a este fichero con una URL filesystem:http:.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"40.0.2214.85\",\"matchCriteriaId\":\"B248CC65-0394-4432-9520-52E99C17EA4A\"}]}]}],\"references\":[{\"url\":\"http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0816.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3238\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id/1032209\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=380663\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201506-04\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0816.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://code.google.com/p/chromium/issues/detail?id=380663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201506-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2015:0816
Vulnerability from csaf_redhat
Published
2015-04-16 08:33
Modified
2024-11-14 18:08
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium.(CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238,
CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245,
CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 42.0.2311.90, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium.(CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238,\nCVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245,\nCVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 42.0.2311.90, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0816",
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
},
{
"category": "external",
"summary": "1211919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211919"
},
{
"category": "external",
"summary": "1211920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211920"
},
{
"category": "external",
"summary": "1211921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211921"
},
{
"category": "external",
"summary": "1211922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211922"
},
{
"category": "external",
"summary": "1211923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211923"
},
{
"category": "external",
"summary": "1211924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211924"
},
{
"category": "external",
"summary": "1211925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211925"
},
{
"category": "external",
"summary": "1211926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211926"
},
{
"category": "external",
"summary": "1211927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211927"
},
{
"category": "external",
"summary": "1211928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211928"
},
{
"category": "external",
"summary": "1211929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211929"
},
{
"category": "external",
"summary": "1211930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211930"
},
{
"category": "external",
"summary": "1211932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211932"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0816.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T18:08:12+00:00",
"generator": {
"date": "2024-11-14T18:08:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2015:0816",
"initial_release_date": "2015-04-16T08:33:19+00:00",
"revision_history": [
{
"date": "2015-04-16T08:33:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-04-16T08:33:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T18:08:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product_id": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@42.0.2311.90-1.el6_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product_id": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@42.0.2311.90-1.el6_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1235",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211919"
}
],
"notes": [
{
"category": "description",
"text": "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin-bypass in HTML parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1235"
},
{
"category": "external",
"summary": "RHBZ#1211919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211919"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1235"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Cross-origin-bypass in HTML parser"
},
{
"cve": "CVE-2015-1236",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211920"
}
],
"notes": [
{
"category": "description",
"text": "The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin-bypass in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1236"
},
{
"category": "external",
"summary": "RHBZ#1211920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211920"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1236"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cross-origin-bypass in Blink"
},
{
"cve": "CVE-2015-1237",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211921"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in IPC",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1237"
},
{
"category": "external",
"summary": "RHBZ#1211921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1237"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1237",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1237"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in IPC"
},
{
"cve": "CVE-2015-1238",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211922"
}
],
"notes": [
{
"category": "description",
"text": "Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in Skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1238"
},
{
"category": "external",
"summary": "RHBZ#1211922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1238"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1238",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1238"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in Skia"
},
{
"cve": "CVE-2015-1240",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211923"
}
],
"notes": [
{
"category": "description",
"text": "gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in WebGL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1240"
},
{
"category": "external",
"summary": "RHBZ#1211923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1240"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in WebGL"
},
{
"cve": "CVE-2015-1241",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211924"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a \"tapjacking\" attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: tap-jacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1241"
},
{
"category": "external",
"summary": "RHBZ#1211924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1241"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: tap-jacking vulnerability"
},
{
"cve": "CVE-2015-1242",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211925"
}
],
"notes": [
{
"category": "description",
"text": "The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages \"type confusion\" in the check-elimination optimization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1242"
},
{
"category": "external",
"summary": "RHBZ#1211925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1242"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in V8"
},
{
"cve": "CVE-2015-1244",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211926"
}
],
"notes": [
{
"category": "description",
"text": "The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: HSTS bypass in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1244"
},
{
"category": "external",
"summary": "RHBZ#1211926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1244"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: HSTS bypass in WebSockets"
},
{
"cve": "CVE-2015-1245",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211927"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium \"Open PDF in Reader\" button that has an invalid tab association.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1245"
},
{
"category": "external",
"summary": "RHBZ#1211927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1245",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1245"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Use-after-free in PDFium"
},
{
"cve": "CVE-2015-1246",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211928"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1246"
},
{
"category": "external",
"summary": "RHBZ#1211928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1246",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1246"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in Blink"
},
{
"cve": "CVE-2015-1247",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211929"
}
],
"notes": [
{
"category": "description",
"text": "The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Scheme issues in OpenSearch",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1247"
},
{
"category": "external",
"summary": "RHBZ#1211929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1247"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Scheme issues in OpenSearch"
},
{
"cve": "CVE-2015-1248",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211930"
}
],
"notes": [
{
"category": "description",
"text": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SafeBrowsing bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1248"
},
{
"category": "external",
"summary": "RHBZ#1211930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1248",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1248"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: SafeBrowsing bypass"
},
{
"cve": "CVE-2015-1249",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211932"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1249"
},
{
"category": "external",
"summary": "RHBZ#1211932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1249",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1249"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1249",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1249"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives"
}
]
}
RHSA-2015:0816
Vulnerability from csaf_redhat
Published
2015-04-16 08:33
Modified
2024-11-14 18:08
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium.(CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238,
CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245,
CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 42.0.2311.90, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium.(CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238,\nCVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245,\nCVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 42.0.2311.90, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0816",
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
},
{
"category": "external",
"summary": "1211919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211919"
},
{
"category": "external",
"summary": "1211920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211920"
},
{
"category": "external",
"summary": "1211921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211921"
},
{
"category": "external",
"summary": "1211922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211922"
},
{
"category": "external",
"summary": "1211923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211923"
},
{
"category": "external",
"summary": "1211924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211924"
},
{
"category": "external",
"summary": "1211925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211925"
},
{
"category": "external",
"summary": "1211926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211926"
},
{
"category": "external",
"summary": "1211927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211927"
},
{
"category": "external",
"summary": "1211928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211928"
},
{
"category": "external",
"summary": "1211929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211929"
},
{
"category": "external",
"summary": "1211930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211930"
},
{
"category": "external",
"summary": "1211932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211932"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0816.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T18:08:12+00:00",
"generator": {
"date": "2024-11-14T18:08:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2015:0816",
"initial_release_date": "2015-04-16T08:33:19+00:00",
"revision_history": [
{
"date": "2015-04-16T08:33:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-04-16T08:33:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T18:08:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product_id": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@42.0.2311.90-1.el6_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product_id": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@42.0.2311.90-1.el6_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1235",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211919"
}
],
"notes": [
{
"category": "description",
"text": "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin-bypass in HTML parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1235"
},
{
"category": "external",
"summary": "RHBZ#1211919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211919"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1235"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Cross-origin-bypass in HTML parser"
},
{
"cve": "CVE-2015-1236",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211920"
}
],
"notes": [
{
"category": "description",
"text": "The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin-bypass in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1236"
},
{
"category": "external",
"summary": "RHBZ#1211920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211920"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1236"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cross-origin-bypass in Blink"
},
{
"cve": "CVE-2015-1237",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211921"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in IPC",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1237"
},
{
"category": "external",
"summary": "RHBZ#1211921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1237"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1237",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1237"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in IPC"
},
{
"cve": "CVE-2015-1238",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211922"
}
],
"notes": [
{
"category": "description",
"text": "Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in Skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1238"
},
{
"category": "external",
"summary": "RHBZ#1211922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1238"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1238",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1238"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in Skia"
},
{
"cve": "CVE-2015-1240",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211923"
}
],
"notes": [
{
"category": "description",
"text": "gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in WebGL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1240"
},
{
"category": "external",
"summary": "RHBZ#1211923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1240"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in WebGL"
},
{
"cve": "CVE-2015-1241",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211924"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a \"tapjacking\" attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: tap-jacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1241"
},
{
"category": "external",
"summary": "RHBZ#1211924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1241"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: tap-jacking vulnerability"
},
{
"cve": "CVE-2015-1242",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211925"
}
],
"notes": [
{
"category": "description",
"text": "The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages \"type confusion\" in the check-elimination optimization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1242"
},
{
"category": "external",
"summary": "RHBZ#1211925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1242"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in V8"
},
{
"cve": "CVE-2015-1244",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211926"
}
],
"notes": [
{
"category": "description",
"text": "The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: HSTS bypass in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1244"
},
{
"category": "external",
"summary": "RHBZ#1211926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1244"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: HSTS bypass in WebSockets"
},
{
"cve": "CVE-2015-1245",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211927"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium \"Open PDF in Reader\" button that has an invalid tab association.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1245"
},
{
"category": "external",
"summary": "RHBZ#1211927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1245",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1245"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Use-after-free in PDFium"
},
{
"cve": "CVE-2015-1246",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211928"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1246"
},
{
"category": "external",
"summary": "RHBZ#1211928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1246",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1246"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in Blink"
},
{
"cve": "CVE-2015-1247",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211929"
}
],
"notes": [
{
"category": "description",
"text": "The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Scheme issues in OpenSearch",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1247"
},
{
"category": "external",
"summary": "RHBZ#1211929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1247"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Scheme issues in OpenSearch"
},
{
"cve": "CVE-2015-1248",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211930"
}
],
"notes": [
{
"category": "description",
"text": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SafeBrowsing bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1248"
},
{
"category": "external",
"summary": "RHBZ#1211930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1248",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1248"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: SafeBrowsing bypass"
},
{
"cve": "CVE-2015-1249",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211932"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1249"
},
{
"category": "external",
"summary": "RHBZ#1211932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1249",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1249"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1249",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1249"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives"
}
]
}
rhsa-2015_0816
Vulnerability from csaf_redhat
Published
2015-04-16 08:33
Modified
2024-11-14 18:08
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium.(CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238,
CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245,
CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249)
All Chromium users should upgrade to these updated packages, which contain
Chromium version 42.0.2311.90, which corrects these issues. After
installing the update, Chromium must be restarted for the changes to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated chromium-browser packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium.(CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238,\nCVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245,\nCVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 42.0.2311.90, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0816",
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
},
{
"category": "external",
"summary": "1211919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211919"
},
{
"category": "external",
"summary": "1211920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211920"
},
{
"category": "external",
"summary": "1211921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211921"
},
{
"category": "external",
"summary": "1211922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211922"
},
{
"category": "external",
"summary": "1211923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211923"
},
{
"category": "external",
"summary": "1211924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211924"
},
{
"category": "external",
"summary": "1211925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211925"
},
{
"category": "external",
"summary": "1211926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211926"
},
{
"category": "external",
"summary": "1211927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211927"
},
{
"category": "external",
"summary": "1211928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211928"
},
{
"category": "external",
"summary": "1211929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211929"
},
{
"category": "external",
"summary": "1211930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211930"
},
{
"category": "external",
"summary": "1211932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211932"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0816.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-14T18:08:12+00:00",
"generator": {
"date": "2024-11-14T18:08:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2015:0816",
"initial_release_date": "2015-04-16T08:33:19+00:00",
"revision_history": [
{
"date": "2015-04-16T08:33:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-04-16T08:33:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T18:08:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product_id": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@42.0.2311.90-1.el6_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product_id": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@42.0.2311.90-1.el6_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product_id": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@42.0.2311.90-1.el6_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.src as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.src",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1235",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211919"
}
],
"notes": [
{
"category": "description",
"text": "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin-bypass in HTML parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1235"
},
{
"category": "external",
"summary": "RHBZ#1211919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211919"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1235"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Cross-origin-bypass in HTML parser"
},
{
"cve": "CVE-2015-1236",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211920"
}
],
"notes": [
{
"category": "description",
"text": "The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin-bypass in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1236"
},
{
"category": "external",
"summary": "RHBZ#1211920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211920"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1236"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cross-origin-bypass in Blink"
},
{
"cve": "CVE-2015-1237",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211921"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in IPC",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1237"
},
{
"category": "external",
"summary": "RHBZ#1211921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1237"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1237",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1237"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in IPC"
},
{
"cve": "CVE-2015-1238",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211922"
}
],
"notes": [
{
"category": "description",
"text": "Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds write in Skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1238"
},
{
"category": "external",
"summary": "RHBZ#1211922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1238"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1238",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1238"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds write in Skia"
},
{
"cve": "CVE-2015-1240",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211923"
}
],
"notes": [
{
"category": "description",
"text": "gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in WebGL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1240"
},
{
"category": "external",
"summary": "RHBZ#1211923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1240"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in WebGL"
},
{
"cve": "CVE-2015-1241",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211924"
}
],
"notes": [
{
"category": "description",
"text": "Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a \"tapjacking\" attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: tap-jacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1241"
},
{
"category": "external",
"summary": "RHBZ#1211924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1241"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: tap-jacking vulnerability"
},
{
"cve": "CVE-2015-1242",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211925"
}
],
"notes": [
{
"category": "description",
"text": "The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages \"type confusion\" in the check-elimination optimization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Type confusion in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1242"
},
{
"category": "external",
"summary": "RHBZ#1211925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211925"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1242"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Type confusion in V8"
},
{
"cve": "CVE-2015-1244",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211926"
}
],
"notes": [
{
"category": "description",
"text": "The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: HSTS bypass in WebSockets",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1244"
},
{
"category": "external",
"summary": "RHBZ#1211926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1244"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: HSTS bypass in WebSockets"
},
{
"cve": "CVE-2015-1245",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211927"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium \"Open PDF in Reader\" button that has an invalid tab association.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in PDFium",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1245"
},
{
"category": "external",
"summary": "RHBZ#1211927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1245",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1245"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Use-after-free in PDFium"
},
{
"cve": "CVE-2015-1246",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211928"
}
],
"notes": [
{
"category": "description",
"text": "Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds read in Blink",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1246"
},
{
"category": "external",
"summary": "RHBZ#1211928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1246",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1246"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Out-of-bounds read in Blink"
},
{
"cve": "CVE-2015-1247",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211929"
}
],
"notes": [
{
"category": "description",
"text": "The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Scheme issues in OpenSearch",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1247"
},
{
"category": "external",
"summary": "RHBZ#1211929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1247"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Scheme issues in OpenSearch"
},
{
"cve": "CVE-2015-1248",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211930"
}
],
"notes": [
{
"category": "description",
"text": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SafeBrowsing bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1248"
},
{
"category": "external",
"summary": "RHBZ#1211930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1248",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1248"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: SafeBrowsing bypass"
},
{
"cve": "CVE-2015-1249",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2015-04-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1211932"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1249"
},
{
"category": "external",
"summary": "RHBZ#1211932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1249",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1249"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1249",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1249"
},
{
"category": "external",
"summary": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-04-16T08:33:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0816"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Client-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Client-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Server-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Server-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.src",
"6Workstation-Supplementary-6.6.z:chromium-browser-0:42.0.2311.90-1.el6_6.x86_64",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.i686",
"6Workstation-Supplementary-6.6.z:chromium-browser-debuginfo-0:42.0.2311.90-1.el6_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Various fixes from internal audits, fuzzing and other initiatives"
}
]
}
fkie_cve-2015-1248
Vulnerability from fkie_nvd
Published
2015-04-19 10:59
Modified
2024-11-21 02:24
Severity ?
Summary
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| chrome | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B248CC65-0394-4432-9520-52E99C17EA4A",
"versionEndIncluding": "40.0.2214.85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."
},
{
"lang": "es",
"value": "La API FileSystem en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos evadir el mecanismo de protecci\u00f3n de la navegaci\u00f3n segura para ficheros ejecutables (SafeBrowsing for Executable Files) mediante la creaci\u00f3n de un fichero .exe en un sistema de ficheros temporal y posteriormente hacer referencia a este fichero con una URL filesystem:http:."
}
],
"id": "CVE-2015-1248",
"lastModified": "2024-11-21T02:24:59.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-19T10:59:11.443",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2015/dsa-3238"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1032209"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://code.google.com/p/chromium/issues/detail?id=380663"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201506-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/chromium/issues/detail?id=380663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201506-04"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-prgf-rqp7-pmqx
Vulnerability from github
Published
2022-05-17 03:09
Modified
2022-05-17 03:09
Details
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.
{
"affected": [],
"aliases": [
"CVE-2015-1248"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-04-19T10:59:00Z",
"severity": "MODERATE"
},
"details": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.",
"id": "GHSA-prgf-rqp7-pmqx",
"modified": "2022-05-17T03:09:52Z",
"published": "2022-05-17T03:09:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1248"
},
{
"type": "WEB",
"url": "https://code.google.com/p/chromium/issues/detail?id=380663"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201506-04"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3238"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032209"
}
],
"schema_version": "1.4.0",
"severity": []
}
gsd-2015-1248
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-1248",
"description": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.",
"id": "GSD-2015-1248",
"references": [
"https://www.suse.com/security/cve/CVE-2015-1248.html",
"https://www.debian.org/security/2015/dsa-3238",
"https://access.redhat.com/errata/RHSA-2015:0816",
"https://advisories.mageia.org/CVE-2015-1248.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-1248"
],
"details": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.",
"id": "GSD-2015-1248",
"modified": "2023-12-13T01:20:05.798538Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0816",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
},
{
"name": "DSA-3238",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3238"
},
{
"name": "openSUSE-SU-2015:1887",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
},
{
"name": "GLSA-201506-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201506-04"
},
{
"name": "1032209",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032209"
},
{
"name": "openSUSE-SU-2015:0748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=380663",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=380663"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "40.0.2214.85",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1248"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=380663",
"refsource": "CONFIRM",
"tags": [],
"url": "https://code.google.com/p/chromium/issues/detail?id=380663"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"
},
{
"name": "DSA-3238",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2015/dsa-3238"
},
{
"name": "1032209",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1032209"
},
{
"name": "openSUSE-SU-2015:1887",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
},
{
"name": "GLSA-201506-04",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201506-04"
},
{
"name": "RHSA-2015:0816",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"
},
{
"name": "openSUSE-SU-2015:0748",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-01-03T02:59Z",
"publishedDate": "2015-04-19T10:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.