Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-5176
Vulnerability from cvelistv5
Published
2016-09-29 10:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:53:48.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://crbug.com/595838" }, { "name": "93234", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93234" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "name": "RHSA-2016:1905", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://crbug.com/595838" }, { "name": "93234", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93234" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "name": "RHSA-2016:1905", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2016-5176", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/595838", "refsource": "CONFIRM", "url": "https://crbug.com/595838" }, { "name": "93234", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93234" }, { "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "refsource": "CONFIRM", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "name": "RHSA-2016:1905", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2016-5176", "datePublished": "2016-09-29T10:00:00", "dateReserved": "2016-05-31T00:00:00", "dateUpdated": "2024-08-06T00:53:48.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-5176\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2016-09-29T10:59:02.877\",\"lastModified\":\"2024-11-21T02:53:46.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Google Chrome en versiones anteriores a 53.0.2785.113 permite a atacantes remotos eludir el mecanismo de protecci\u00f3n SafeBrowsing a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"53.0.2785.101\",\"matchCriteriaId\":\"AC271026-1CD7-42F7-8754-1C5144AD590B\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1905.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/93234\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/595838\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1905.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/93234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/595838\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2016_1905
Vulnerability from csaf_redhat
Published
2016-09-16 07:27
Modified
2024-11-14 20:49
Summary
Red Hat Security Advisory: chromium-browser security update
Notes
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 53.0.2785.113.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5170, CVE-2016-5171, CVE-2016-5175, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.113.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5170, CVE-2016-5171, CVE-2016-5175, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2016:1905", "url": "https://access.redhat.com/errata/RHSA-2016:1905" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "category": "external", "summary": "1375863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375863" }, { "category": "external", "summary": "1375864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375864" }, { "category": "external", "summary": "1375865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375865" }, { "category": "external", "summary": "1375866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375866" }, { "category": "external", "summary": "1375867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375867" }, { "category": "external", "summary": "1375868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375868" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1905.json" } ], "title": "Red Hat Security Advisory: chromium-browser security update", "tracking": { "current_release_date": "2024-11-14T20:49:00+00:00", "generator": { "date": "2024-11-14T20:49:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2016:1905", "initial_release_date": "2016-09-16T07:27:20+00:00", "revision_history": [ { "date": "2016-09-16T07:27:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2016-09-16T07:27:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T20:49:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product_id": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.113-1.el6?arch=i686" } } }, { "category": "product_version", "name": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product_id": "chromium-browser-0:53.0.2785.113-1.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.113-1.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product_id": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser@53.0.2785.113-1.el6?arch=x86_64" } } }, { "category": "product_version", "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product_id": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/chromium-browser-debuginfo@53.0.2785.113-1.el6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Client-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Server-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" }, { "category": "default_component_of", "full_product_name": { "name": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" }, "product_reference": "chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "relates_to_product_reference": "6Workstation-Supplementary-6.8.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-5170", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375863" } ], "notes": [ { "category": "description", "text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use after free in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5170" }, { "category": "external", "summary": "RHBZ#1375863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5170", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5170" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5170", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5170" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use after free in blink" }, { "cve": "CVE-2016-5171", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375864" } ], "notes": [ { "category": "description", "text": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: use after free in blink", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5171" }, { "category": "external", "summary": "RHBZ#1375864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5171", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5171" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: use after free in blink" }, { "cve": "CVE-2016-5172", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375865" } ], "notes": [ { "category": "description", "text": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: arbitrary memory read in v8", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5172" }, { "category": "external", "summary": "RHBZ#1375865", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375865" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5172", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: arbitrary memory read in v8" }, { "cve": "CVE-2016-5173", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375866" } ], "notes": [ { "category": "description", "text": "The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: extension resource access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5173" }, { "category": "external", "summary": "RHBZ#1375866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375866" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5173", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5173" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5173", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5173" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: extension resource access" }, { "cve": "CVE-2016-5174", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375867" } ], "notes": [ { "category": "description", "text": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: popup not correctly suppressed", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5174" }, { "category": "external", "summary": "RHBZ#1375867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5174", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5174" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5174" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: popup not correctly suppressed" }, { "cve": "CVE-2016-5175", "discovery_date": "2016-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375868" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: various fixes from internal audits", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5175" }, { "category": "external", "summary": "RHBZ#1375868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5175", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5175" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chromium-browser: various fixes from internal audits" }, { "cve": "CVE-2016-5176", "discovery_date": "2016-09-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1380331" } ], "notes": [ { "category": "description", "text": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: SafeBrowsing protection mechanism bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5176" }, { "category": "external", "summary": "RHBZ#1380331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380331" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5176", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5176" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_13.html", "url": "https://googlechromereleases.blogspot.cz/2016/09/stable-channel-update-for-desktop_13.html" } ], "release_date": "2016-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: SafeBrowsing protection mechanism bypass" }, { "cve": "CVE-2016-7549", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2016-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1380301" } ], "notes": [ { "category": "description", "text": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: DoS via invalid recipient of IPC message", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7549" }, { "category": "external", "summary": "RHBZ#1380301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380301" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7549", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7549" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7549", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7549" } ], "release_date": "2016-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-09-16T07:27:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "product_ids": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1905" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Client-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Server-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-0:53.0.2785.113-1.el6.x86_64", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.i686", "6Workstation-Supplementary-6.8.z:chromium-browser-debuginfo-0:53.0.2785.113-1.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: DoS via invalid recipient of IPC message" } ] }
ghsa-j9pw-r36r-r9cp
Vulnerability from github
Published
2022-05-14 03:56
Modified
2022-05-14 03:56
Severity ?
Details
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
{ "affected": [], "aliases": [ "CVE-2016-5176" ], "database_specific": { "cwe_ids": [ "CWE-284" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2016-09-29T10:59:00Z", "severity": "MODERATE" }, "details": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.", "id": "GHSA-j9pw-r36r-r9cp", "modified": "2022-05-14T03:56:52Z", "published": "2022-05-14T03:56:52Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5176" }, { "type": "WEB", "url": "https://crbug.com/595838" }, { "type": "WEB", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/93234" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }
gsd-2016-5176
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2016-5176", "description": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.", "id": "GSD-2016-5176", "references": [ "https://www.suse.com/security/cve/CVE-2016-5176.html", "https://access.redhat.com/errata/RHSA-2016:1905" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-5176" ], "details": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.", "id": "GSD-2016-5176", "modified": "2023-12-13T01:21:25.327299Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2016-5176", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/595838", "refsource": "CONFIRM", "url": "https://crbug.com/595838" }, { "name": "93234", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93234" }, { "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "refsource": "CONFIRM", "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "name": "RHSA-2016:1905", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "53.0.2785.101", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2016-5176" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-284" } ] } ] }, "references": { "reference_data": [ { "name": "https://crbug.com/595838", "refsource": "CONFIRM", "tags": [ "Permissions Required" ], "url": "https://crbug.com/595838" }, { "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" }, { "name": "93234", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/93234" }, { "name": "RHSA-2016:1905", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } }, "lastModifiedDate": "2018-01-05T02:30Z", "publishedDate": "2016-09-29T10:59Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.