Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-13693
Vulnerability from cvelistv5
Published
2019-11-25 14:22
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1005753"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "77.0.3865.120",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T14:22:54",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1005753"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77.0.3865.120"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1005753",
"refsource": "MISC",
"url": "https://crbug.com/1005753"
},
{
"name": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-13693",
"datePublished": "2019-11-25T14:22:54",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-13693\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-11-25T15:15:32.137\",\"lastModified\":\"2024-11-21T04:25:31.323\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Un uso de la memoria previamente liberada en IndexedDB en Google Chrome versiones anteriores a 77.0.3865.120, permiti\u00f3 a un atacante remoto, que hab\u00eda comprometido el proceso del renderizador, ejecutar c\u00f3digo arbitrario por medio de una p\u00e1gina HTML dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"77.0.3865.120\",\"matchCriteriaId\":\"AC513704-8439-4C46-B66B-5A46DCDE5D7A\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/1005753\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/1005753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
gsd-2019-13693
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-13693",
"description": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"id": "GSD-2019-13693",
"references": [
"https://www.suse.com/security/cve/CVE-2019-13693.html",
"https://www.debian.org/security/2019/dsa-4562",
"https://access.redhat.com/errata/RHSA-2019:3211",
"https://advisories.mageia.org/CVE-2019-13693.html",
"https://security.archlinux.org/CVE-2019-13693"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-13693"
],
"details": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"id": "GSD-2019-13693",
"modified": "2023-12-13T01:23:41.090363Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77.0.3865.120"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1005753",
"refsource": "MISC",
"url": "https://crbug.com/1005753"
},
{
"name": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "77.0.3865.120",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13693"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1005753",
"refsource": "MISC",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1005753"
},
{
"name": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-11-26T16:00Z",
"publishedDate": "2019-11-25T15:15Z"
}
}
}
ghsa-ch82-rwfx-hg86
Vulnerability from github
Published
2022-05-24 17:01
Modified
2022-05-24 17:01
Details
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2019-13693"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-25T15:15:00Z",
"severity": "MODERATE"
},
"details": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"id": "GHSA-ch82-rwfx-hg86",
"modified": "2022-05-24T17:01:55Z",
"published": "2022-05-24T17:01:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1005753"
}
],
"schema_version": "1.4.0",
"severity": []
}
rhsa-2019_3211
Vulnerability from csaf_redhat
Published
2019-10-29 09:30
Modified
2024-11-15 08:27
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 77.0.3865.120.
Security Fix(es):
* chromium-browser: Use-after-free in media (CVE-2019-5870)
* chromium-browser: Heap overflow in Skia (CVE-2019-5871)
* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)
* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)
* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)
* chromium-browser: Use-after-free in media (CVE-2019-5876)
* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)
* chromium-browser: Use-after-free in V8 (CVE-2019-5878)
* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)
* chromium-browser: Use-after-free in media (CVE-2019-13688)
* chromium-browser: Omnibox spoof (CVE-2019-13691)
* chromium-browser: SOP bypass (CVE-2019-13692)
* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)
* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)
* chromium-browser: Use-after-free in audio (CVE-2019-13695)
* chromium-browser: Use-after-free in V8 (CVE-2019-13696)
* chromium-browser: Cross-origin size leak (CVE-2019-13697)
* chromium-browser: Extensions can read some local files (CVE-2019-5879)
* chromium-browser: SameSite cookie bypass (CVE-2019-5880)
* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)
* chromium-browser: URL spoof (CVE-2019-13659)
* chromium-browser: Full screen notification overlap (CVE-2019-13660)
* chromium-browser: Full screen notification spoof (CVE-2019-13661)
* chromium-browser: CSP bypass (CVE-2019-13662)
* chromium-browser: IDN spoof (CVE-2019-13663)
* chromium-browser: CSRF bypass (CVE-2019-13664)
* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)
* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)
* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)
* chromium-browser: Global window leak via console (CVE-2019-13668)
* chromium-browser: HTTP authentication spoof (CVE-2019-13669)
* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)
* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)
* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)
* chromium-browser: IDN spoofing (CVE-2019-13674)
* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)
* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)
* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)
* chromium-browser: Download dialog spoofing (CVE-2019-13678)
* chromium-browser: User gesture needed for printing (CVE-2019-13679)
* chromium-browser: IP address spoofing to servers (CVE-2019-13680)
* chromium-browser: Bypass on download restrictions (CVE-2019-13681)
* chromium-browser: Site isolation bypass (CVE-2019-13682)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 77.0.3865.120.\n\nSecurity Fix(es):\n\n* chromium-browser: Use-after-free in media (CVE-2019-5870)\n\n* chromium-browser: Heap overflow in Skia (CVE-2019-5871)\n\n* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)\n\n* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)\n\n* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)\n\n* chromium-browser: Use-after-free in media (CVE-2019-5876)\n\n* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-5878)\n\n* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)\n\n* chromium-browser: Use-after-free in media (CVE-2019-13688)\n\n* chromium-browser: Omnibox spoof (CVE-2019-13691)\n\n* chromium-browser: SOP bypass (CVE-2019-13692)\n\n* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)\n\n* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)\n\n* chromium-browser: Use-after-free in audio (CVE-2019-13695)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-13696)\n\n* chromium-browser: Cross-origin size leak (CVE-2019-13697)\n\n* chromium-browser: Extensions can read some local files (CVE-2019-5879)\n\n* chromium-browser: SameSite cookie bypass (CVE-2019-5880)\n\n* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)\n\n* chromium-browser: URL spoof (CVE-2019-13659)\n\n* chromium-browser: Full screen notification overlap (CVE-2019-13660)\n\n* chromium-browser: Full screen notification spoof (CVE-2019-13661)\n\n* chromium-browser: CSP bypass (CVE-2019-13662)\n\n* chromium-browser: IDN spoof (CVE-2019-13663)\n\n* chromium-browser: CSRF bypass (CVE-2019-13664)\n\n* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)\n\n* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)\n\n* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)\n\n* chromium-browser: Global window leak via console (CVE-2019-13668)\n\n* chromium-browser: HTTP authentication spoof (CVE-2019-13669)\n\n* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)\n\n* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)\n\n* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)\n\n* chromium-browser: IDN spoofing (CVE-2019-13674)\n\n* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)\n\n* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)\n\n* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)\n\n* chromium-browser: Download dialog spoofing (CVE-2019-13678)\n\n* chromium-browser: User gesture needed for printing (CVE-2019-13679)\n\n* chromium-browser: IP address spoofing to servers (CVE-2019-13680)\n\n* chromium-browser: Bypass on download restrictions (CVE-2019-13681)\n\n* chromium-browser: Site isolation bypass (CVE-2019-13682)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:3211",
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1762366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762366"
},
{
"category": "external",
"summary": "1762367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762367"
},
{
"category": "external",
"summary": "1762368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762368"
},
{
"category": "external",
"summary": "1762370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762370"
},
{
"category": "external",
"summary": "1762371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762371"
},
{
"category": "external",
"summary": "1762372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762372"
},
{
"category": "external",
"summary": "1762373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762373"
},
{
"category": "external",
"summary": "1762374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762374"
},
{
"category": "external",
"summary": "1762375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762375"
},
{
"category": "external",
"summary": "1762376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762376"
},
{
"category": "external",
"summary": "1762377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762377"
},
{
"category": "external",
"summary": "1762378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762378"
},
{
"category": "external",
"summary": "1762379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762379"
},
{
"category": "external",
"summary": "1762380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762380"
},
{
"category": "external",
"summary": "1762381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762381"
},
{
"category": "external",
"summary": "1762382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762382"
},
{
"category": "external",
"summary": "1762383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762383"
},
{
"category": "external",
"summary": "1762384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762384"
},
{
"category": "external",
"summary": "1762385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762385"
},
{
"category": "external",
"summary": "1762386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762386"
},
{
"category": "external",
"summary": "1762387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762387"
},
{
"category": "external",
"summary": "1762388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762388"
},
{
"category": "external",
"summary": "1762389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762389"
},
{
"category": "external",
"summary": "1762390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762390"
},
{
"category": "external",
"summary": "1762391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762391"
},
{
"category": "external",
"summary": "1762392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762392"
},
{
"category": "external",
"summary": "1762393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762393"
},
{
"category": "external",
"summary": "1762394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762394"
},
{
"category": "external",
"summary": "1762395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762395"
},
{
"category": "external",
"summary": "1762396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762396"
},
{
"category": "external",
"summary": "1762397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762397"
},
{
"category": "external",
"summary": "1762398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762398"
},
{
"category": "external",
"summary": "1762399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762399"
},
{
"category": "external",
"summary": "1762400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762400"
},
{
"category": "external",
"summary": "1762401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762401"
},
{
"category": "external",
"summary": "1762402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762402"
},
{
"category": "external",
"summary": "1762474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762474"
},
{
"category": "external",
"summary": "1762476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762476"
},
{
"category": "external",
"summary": "1762518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762518"
},
{
"category": "external",
"summary": "1762519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762519"
},
{
"category": "external",
"summary": "1762520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762520"
},
{
"category": "external",
"summary": "1762521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762521"
},
{
"category": "external",
"summary": "1762522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762522"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3211.json"
}
],
"title": "Red Hat Security Advisory: chromium-browser security update",
"tracking": {
"current_release_date": "2024-11-15T08:27:27+00:00",
"generator": {
"date": "2024-11-15T08:27:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2019:3211",
"initial_release_date": "2019-10-29T09:30:00+00:00",
"revision_history": [
{
"date": "2019-10-29T09:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-10-29T09:30:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:27:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product_id": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@77.0.3865.120-2.el6_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product_id": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@77.0.3865.120-2.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product_id": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser@77.0.3865.120-2.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product_id": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/chromium-browser-debuginfo@77.0.3865.120-2.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Client-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6)",
"product_id": "6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Server-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
},
"product_reference": "chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-Supplementary-6.10.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5870",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762366"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "RHBZ#1762366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5870"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-5871",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762367"
}
],
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Heap overflow in Skia",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "RHBZ#1762367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5871"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Heap overflow in Skia"
},
{
"cve": "CVE-2019-5872",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762368"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in Mojo",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "RHBZ#1762368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5872"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5872",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5872"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in Mojo"
},
{
"cve": "CVE-2019-5874",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762370"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: External URIs may trigger other browsers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "RHBZ#1762370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5874"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: External URIs may trigger other browsers"
},
{
"cve": "CVE-2019-5875",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762371"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URL bar spoof via download redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "RHBZ#1762371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5875"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: URL bar spoof via download redirect"
},
{
"cve": "CVE-2019-5876",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762374"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "RHBZ#1762374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5876"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5876",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5876"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-5877",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762375"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Out-of-bounds access in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "RHBZ#1762375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762375"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5877"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Out-of-bounds access in V8"
},
{
"cve": "CVE-2019-5878",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762376"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "RHBZ#1762376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5878"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in V8"
},
{
"cve": "CVE-2019-5879",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762377"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Extensions can read some local files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "RHBZ#1762377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5879"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Extensions can read some local files"
},
{
"cve": "CVE-2019-5880",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762378"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SameSite cookie bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "RHBZ#1762378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5880"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: SameSite cookie bypass"
},
{
"cve": "CVE-2019-5881",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762379"
}
],
"notes": [
{
"category": "description",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Arbitrary read in SwiftShader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "RHBZ#1762379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5881"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Arbitrary read in SwiftShader"
},
{
"cve": "CVE-2019-13659",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762380"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URL spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "RHBZ#1762380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13659",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13659"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13659",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13659"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: URL spoof"
},
{
"cve": "CVE-2019-13660",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762381"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Full screen notification overlap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "RHBZ#1762381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13660"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Full screen notification overlap"
},
{
"cve": "CVE-2019-13661",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762382"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Full screen notification spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "RHBZ#1762382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762382"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13661",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13661"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13661",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13661"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Full screen notification spoof"
},
{
"cve": "CVE-2019-13662",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762383"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: CSP bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "RHBZ#1762383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13662",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13662"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13662",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13662"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: CSP bypass"
},
{
"cve": "CVE-2019-13663",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762384"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IDN spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "RHBZ#1762384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762384"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13663",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13663"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13663",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13663"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: IDN spoof"
},
{
"cve": "CVE-2019-13664",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762385"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: CSRF bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "RHBZ#1762385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13664"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: CSRF bypass"
},
{
"cve": "CVE-2019-13665",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762386"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Multiple file download protection bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "RHBZ#1762386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13665"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Multiple file download protection bypass"
},
{
"cve": "CVE-2019-13666",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762387"
}
],
"notes": [
{
"category": "description",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Side channel using storage size estimate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "RHBZ#1762387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13666"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Side channel using storage size estimate"
},
{
"cve": "CVE-2019-13667",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762388"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: URI bar spoof when using external app URIs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "RHBZ#1762388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13667",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13667"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13667"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: URI bar spoof when using external app URIs"
},
{
"cve": "CVE-2019-13668",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762389"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Global window leak via console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "RHBZ#1762389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13668",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13668"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Global window leak via console"
},
{
"cve": "CVE-2019-13669",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762390"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: HTTP authentication spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "RHBZ#1762390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13669",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13669"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13669",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13669"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: HTTP authentication spoof"
},
{
"cve": "CVE-2019-13670",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762391"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: V8 memory corruption in regex",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "RHBZ#1762391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13670",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13670"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13670",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13670"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: V8 memory corruption in regex"
},
{
"cve": "CVE-2019-13671",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762392"
}
],
"notes": [
{
"category": "description",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Dialog box fails to show origin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "RHBZ#1762392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13671",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13671"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13671",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13671"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Dialog box fails to show origin"
},
{
"cve": "CVE-2019-13673",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762393"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin information leak using devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "RHBZ#1762393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13673",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13673"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "chromium-browser: Cross-origin information leak using devtools"
},
{
"cve": "CVE-2019-13674",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762394"
}
],
"notes": [
{
"category": "description",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IDN spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "RHBZ#1762394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13674"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13674"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: IDN spoofing"
},
{
"cve": "CVE-2019-13675",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762395"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Extensions can be disabled by trailing slash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "RHBZ#1762395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13675"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Extensions can be disabled by trailing slash"
},
{
"cve": "CVE-2019-13676",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762396"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Google URI shown for certificate warning",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "RHBZ#1762396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13676",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13676"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Google URI shown for certificate warning"
},
{
"cve": "CVE-2019-13677",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762397"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Chrome web store origin needs to be isolated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "RHBZ#1762397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13677",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13677"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Chrome web store origin needs to be isolated"
},
{
"cve": "CVE-2019-13678",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762398"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Download dialog spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "RHBZ#1762398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13678"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Download dialog spoofing"
},
{
"cve": "CVE-2019-13679",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762399"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: User gesture needed for printing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "RHBZ#1762399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13679"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: User gesture needed for printing"
},
{
"cve": "CVE-2019-13680",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762400"
}
],
"notes": [
{
"category": "description",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: IP address spoofing to servers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "RHBZ#1762400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13680"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: IP address spoofing to servers"
},
{
"cve": "CVE-2019-13681",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762401"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Bypass on download restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "RHBZ#1762401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13681"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13681",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13681"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Bypass on download restrictions"
},
{
"cve": "CVE-2019-13682",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762402"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Site isolation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "RHBZ#1762402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762402"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13682",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13682"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Site isolation bypass"
},
{
"cve": "CVE-2019-13683",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762403"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Exceptions leaked by devtools",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "RHBZ#1762403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13683"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "chromium-browser: Exceptions leaked by devtools"
},
{
"cve": "CVE-2019-13685",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762473"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13685"
},
{
"category": "external",
"summary": "RHBZ#1762473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762473"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13685"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "chromium-browser: Use-after-free in UI"
},
{
"cve": "CVE-2019-13686",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762476"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in offline pages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13686"
},
{
"category": "external",
"summary": "RHBZ#1762476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13686"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13686",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13686"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in offline pages"
},
{
"cve": "CVE-2019-13687",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762475"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13687"
},
{
"category": "external",
"summary": "RHBZ#1762475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13687"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-13688",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762474"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in media",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13688"
},
{
"category": "external",
"summary": "RHBZ#1762474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13688"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13688",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13688"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html"
}
],
"release_date": "2019-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in media"
},
{
"cve": "CVE-2019-13691",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762372"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Omnibox spoof",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13691"
},
{
"category": "external",
"summary": "RHBZ#1762372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762372"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13691"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Omnibox spoof"
},
{
"cve": "CVE-2019-13692",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762373"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: SOP bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13692"
},
{
"category": "external",
"summary": "RHBZ#1762373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13692"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: SOP bypass"
},
{
"cve": "CVE-2019-13693",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762518"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in IndexedDB",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13693"
},
{
"category": "external",
"summary": "RHBZ#1762518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13693"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in IndexedDB"
},
{
"cve": "CVE-2019-13694",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762519"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in WebRTC",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13694"
},
{
"category": "external",
"summary": "RHBZ#1762519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13694"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13694",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13694"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in WebRTC"
},
{
"cve": "CVE-2019-13695",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762520"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in audio",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13695"
},
{
"category": "external",
"summary": "RHBZ#1762520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13695"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in audio"
},
{
"cve": "CVE-2019-13696",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762521"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use-after-free in V8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13696"
},
{
"category": "external",
"summary": "RHBZ#1762521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13696"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13696",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13696"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use-after-free in V8"
},
{
"cve": "CVE-2019-13697",
"discovery_date": "2019-10-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1762522"
}
],
"notes": [
{
"category": "description",
"text": "Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Cross-origin size leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-13697"
},
{
"category": "external",
"summary": "RHBZ#1762522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-13697",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-13697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13697"
},
{
"category": "external",
"summary": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html"
}
],
"release_date": "2019-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-10-29T09:30:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.",
"product_ids": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:3211"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Client-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6ComputeNode-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Server-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-0:77.0.3865.120-2.el6_10.x86_64",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.i686",
"6Workstation-Supplementary-6.10.z:chromium-browser-debuginfo-0:77.0.3865.120-2.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Cross-origin size leak"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.